Re: [webauthn] Consider RP ID migration use cases (#2350) from Nina Satragno via GitHub on 2025-10-27 (public-webauthn@w3.org from October 2025)

From: Nina Satragno via GitHub <noreply@w3.org>
Date: Mon, 27 Oct 2025 19:12:01 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-3452890980-1761592319-noreply@w3.org>

> I'd imagine the client allowing the request if the user has another passkey with matching username under a related linked RP ID

The client may have two authenticators attached with a passkey for that { RP ID, user handle }, but conditional create returns a single passkey back. You could try to be smart and e.g. look at the aaguid, but that's not guaranteed to be unique either.

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2350#issuecomment-3452890980 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 27 October 2025 19:12:02 UTC