Re: [webauthn] How to guarantee created resident key is actually received by RP in adverse networking conditions? (#2038) from Arian van Putten via GitHub on 2024-03-26 (public-webauthn@w3.org from March 2024)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Tue, 26 Mar 2024 06:56:54 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-2019522179-1711436212-sysbot+gh@w3.org>

Related to this problem -- at least Safari seems to completely ignore `excludeCredentials`.  This means users of our RP end up with multiple  iCloud passkeys in their account and there is nothing stopping us from it.  They then don't know which one is the "Active" passkey and when they delete the wrong one they get locked out of their account forever.



-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2038#issuecomment-2019522179 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 26 March 2024 06:56:55 UTC