Re: [webauthn] Support a "create or get [or replace]" credential re-association operation (#1568)

> If user does not have an account with their device, one is created for them. If they do have, they are signed-in. No username, no user ID. User authenticated by having access to the device and being able to use it to do the authentication flow using WebAuthn. User account on the RP side is created after authenticating for the first time

It seems like you are saying that if no credential exists, then it is a new user for you? And you are fine with having a constant userName for the user in the system UI because at the time of credential creation you don't know who the user is?

> The only issue currently is, you or user can override them by accident if RP does a "create" call when key is in fact present.

If the get call fails, you can randomly generate a new userHandle and invoke create. As the userHandle is random, the existing credential will not be overwritten.

-- 
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1568#issuecomment-3056112151 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 10 July 2025 07:43:06 UTC
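
The flow suggested in the comment above (try get, and on failure call create with a freshly generated random userHandle), as an added example that is not part of the original message or of any project's code. The helper names, the RP name, the constant user name and the injected `credentials`/`rng` parameters are assumptions; in a browser you would pass `navigator.credentials` and a server-issued challenge.

```javascript
// Added example. Helper names, "Example RP" and "Device account" are assumptions.
function buildCreateOptions(rpId, challenge, rng = globalThis.crypto) {
  // Fresh random user handle (WebAuthn allows up to 64 bytes). A discoverable
  // credential is only replaced when rpId AND user.id match a stored one, so a
  // random id does not overwrite a credential already on the authenticator.
  const userHandle = rng.getRandomValues(new Uint8Array(32));
  return {
    publicKey: {
      challenge,
      rp: { id: rpId, name: "Example RP" },
      // The RP does not know who the user is yet, so the name is a constant.
      user: { id: userHandle, name: "Device account", displayName: "Device account" },
      pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
      authenticatorSelection: { residentKey: "required" },
    },
  };
}

async function getOrCreate(credentials, rpId, challenge, rng = globalThis.crypto) {
  try {
    // Empty allowCredentials: the RP supplies no username and no user ID.
    const assertion = await credentials.get({
      publicKey: { challenge, rpId, allowCredentials: [] },
    });
    return { action: "get", credential: assertion };
  } catch (err) {
    // get() rejects with NotAllowedError when the ceremony does not complete;
    // anything else is a real fault and is rethrown.
    if (!err || err.name !== "NotAllowedError") throw err;
  }
  const created = await credentials.create(buildCreateOptions(rpId, challenge, rng));
  return { action: "create", credential: created };
}
```

The RP still has to store the returned userHandle and public key server-side when `action` is `"create"`, since that is the moment the account comes into existence.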