Replies: 1 comment 3 replies
-
|
Hi, When getting an assertion, you typically use the credential ID to identify a credential that your RP knows of. If you're using non-discoverable credentials, you reach for For discoverable credentials, you don't need to supply any credential ID up front. Instead, the authenticator will return a list of assertions and it's up to the client to prompt the user to select which credential to pass on to the RP. Having done so, the RP can match the credential ID using its user database. (Note that several steps for verifying the assertion has been omitted above. 🙂) |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your response. Is using multiple credential IDs possible with And if it's not currently possible, can we discuss implementing it? |
Beta Was this translation helpful? Give feedback.
-
|
One more question: how does pre-flighting work with authenticators having alwaysUv enabled? |
Beta Was this translation helpful? Give feedback.
-
No,
It depends on the authenticator implementation, refer to CTAP 2.2 § 7.2.3, step 1.3. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello, is there any way to use
fido2-assertcommand with multiple credentials, so the whole FIDO2 machinery will figure out the one credential that matches to a plugged in Yubikey?Beta Was this translation helpful? Give feedback.
All reactions