Re: [webauthn] How to know if a user has already registered a device? (#1749) from Firstyear via GitHub on 2023-11-23 (public-webauthn@w3.org from November 2023)

From: Firstyear via GitHub <sysbot+gh@w3.org>
Date: Thu, 23 Nov 2023 22:40:40 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1824974329-1700779237-sysbot+gh@w3.org>

>  I think only `credentials.exists(rpId)` is all that is needed. Is there any credential stored for the RP? How is that a super-cookie?

Because if you are doing the responsible thing, and *not* forcing discoverable credentials, you need the credentialIds present to pass to devices to check that they match for this rpId or not. 



-- 
GitHub Notification of comment by Firstyear
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1749#issuecomment-1824974329 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 23 November 2023 22:40:42 UTC