Comments (4)
I recommend taking a look at the v2 preview https://webauthn-ciy.pages.dev/authentication/ to see the ways to log in.
Basically, while "usernameless" authentication is possible, I would not advise it. If you use credentials "discovery", the user will see passkeys with cryptic names, and if you want to trigger authentication directly using the list of allowed credentials, you still need a way to identify the user and poll the server for the credential IDs.
from webauthn.
That is correct.
Yes, you should keep a list of credentials for the user on the server side.
During authentication, you have two options:
- provide an empty credential IDs list => This will trigger "credential discovery" on the client device and the user can pick any available passkey
- provide the list of allowed credential IDs => The first one also present on the client device will be taken
Note that the exact behavior / UX depends on the platform (and to a lesser extent also the browser).
from webauthn.
Do I have to explicitly "use credential discovery", or that feature is up to the platform / authenticator? My understanding is that after I register the user I create a User in my database and add the credential to his 'devices' array, for example, then in order to authenticate him, I leave the credentials as an empty array on the client side, the authenticator will return a credential, I will send the credential to the server, find a user matching that credential, and the authentication process is complete. Is this a correct understanding?
from webauthn.
Thank you!
from webauthn.