W3C home > Mailing lists > Public > public-webauthn@w3.org > June 2022

Re: [webauthn] How to know if a user has already registered a device? (#1749)

From: Tim Cappalli via GitHub <sysbot+gh@w3.org>
Date: Tue, 21 Jun 2022 20:23:43 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1162301054-1655843022-sysbot+gh@w3.org>
> But isn't that a "same platform" thingy. Like if I have an IPhone and a Windows Desktop, it won't sync credentials anyway.

Yes, credentials are backed up across devices in the same ecosystem, but can also be used to authenticate across ecosystems. For example, you can use a passkey on your iPhone to sign into a site on Windows. The credential does not move, but an assertion is made across devices. In this cross-device flow, it is recommended that the RP then initiate a makeCredential to create an additional passkey in that ecosystem (Microsoft in that example). This way the user can use the local platform for subsequent authentications instead of having to pull their phone out. 

> Is this the "pick a user" dialog when you make a get without credential IDs? Or is it something else?

GitHub Notification of comment by timcappalli
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1162301054 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 21 June 2022 20:23:45 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:46 UTC