[webauthn] Conditional create with existing passkey (#2296)

kreichgauer has just created a new issue for https://github.com/w3c/webauthn:

== Conditional create with existing passkey ==
Should conditional create requests fail if a credential with matching username already exists?

Currently, the spec has no special guidance on what the client/authenticator should do with a conditional create request when a passkey already exists for the same username. For regular create requests, the specified behavior is to replace the existing passkey with a new one (i.e. the authenticator should only ever have one credential per username), so presumably that should apply to conditional requests too.

But the developers probably never actually want to replace any existing passkeys with a conditional create call (and possibly bother the user with confirmation UI for a passkey they already had). They could achieve this by passing an excludeCredentials list with all known credential IDs for the user. But perhaps it would be a better developer experience if conditional create requests failed with an error if a passkey for the same username exists already?


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2296 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 21 May 2025 21:41:31 UTC
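
The excludeCredentials workaround described in the issue, as an added JavaScript example that is not part of the original message or of the WebAuthn spec text. The function names, relying party values and credential IDs are constructed for illustration, and returning the error name to the caller is an assumption about how a site would handle the rejection.

```javascript
// Added example: a conditional create request that excludes every passkey the
// relying party already knows for the account. All names are hypothetical.

// Decode a base64url credential ID (as typically stored server-side) to bytes.
function b64urlToBytes(s) {
  const bin = atob(s.replace(/-/g, "+").replace(/_/g, "/"));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Build the argument passed to navigator.credentials.create().
function buildConditionalCreateOptions(rp, user, challenge, knownCredentialIds) {
  return {
    mediation: "conditional", // conditional create instead of a modal request
    publicKey: {
      rp,
      user,
      challenge,
      pubKeyCredParams: [
        { type: "public-key", alg: -7 },   // ES256
        { type: "public-key", alg: -257 }, // RS256
      ],
      // Every credential ID already registered for this user. An authenticator
      // holding one of them refuses the request rather than replacing it.
      excludeCredentials: knownCredentialIds.map((id) => ({
        type: "public-key",
        id: b64urlToBytes(id),
      })),
    },
  };
}

// Browser-only: attempt the request and report the outcome without throwing.
async function tryConditionalCreate(options) {
  if (typeof PublicKeyCredential === "undefined" ||
      typeof PublicKeyCredential.getClientCapabilities !== "function") {
    return { created: false, reason: "unsupported" };
  }
  const caps = await PublicKeyCredential.getClientCapabilities();
  if (!caps.conditionalCreate) return { created: false, reason: "unsupported" };
  try {
    const credential = await navigator.credentials.create(options);
    return { created: true, credential };
  } catch (err) {
    // A regular create reports an excluded credential as InvalidStateError.
    return { created: false, reason: err.name };
  }
}
```

The list only covers credential IDs the relying party has on record, so it has to be refreshed from the server for each request.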