[webauthn] How to know if a user has already registered a device? (#1749)

dagnelies has just created a new issue for https://github.com/w3c/webauthn:

== How to know if a user has already registered a device? ==
So, here is the scenario...

The user "john.doe@example.com" opens his browser on some website and user John Doe of course has multiple devices like a laptop, a tablet, a phone, and so on.

Ideallly, when opening the authentication screen, some guidance is helpful. Mainly requesting the user to login with its existing credentials with `credentials.get` or to register a new device with `credentials.create`.

So basically... how to check if the user has already registered its device? Is this possible?

Any "local" solution like cookies, localStorage and so on are of course problematic because it can be cleared, the user might switch browser, be incognito, and so on.

It is fairly straightforward to get the list of registered credential ids from the server, however you still cannot check if any of them is present on the device, right?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 19 June 2022 06:50:42 UTC