W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

[webauthn] How to know if a user has already registered a device? (#1749)

From: Arnaud Dagnelies via GitHub <sysbot+gh@w3.org>
Date: Sun, 19 Jun 2022 06:50:41 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1275970697-1655621439-sysbot+gh@w3.org>
dagnelies has just created a new issue for https://github.com/w3c/webauthn:

== How to know if a user has already registered a device? ==
So, here is the scenario...

The user "john.doe@example.com" opens his browser on some website and user John Doe of course has multiple devices like a laptop, a tablet, a phone, and so on.

Ideallly, when opening the authentication screen, some guidance is helpful. Mainly requesting the user to login with its existing credentials with `credentials.get` or to register a new device with `credentials.create`.

So basically... how to check if the user has already registered its device? Is this possible?

Any "local" solution like cookies, localStorage and so on are of course problematic because it can be cleared, the user might switch browser, be incognito, and so on.

It is fairly straightforward to get the list of registered credential ids from the server, however you still cannot check if any of them is present on the device, right?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Sunday, 19 June 2022 06:50:42 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC