How do you handle passkeys deleted by users on their device #481
Replies: 2 comments
-
When I read this I'm struck with the thought that if you're getting back, "credential was previously registered" then the credential wasn't actually deleted from iCloud Keychain... If you go into Settings > Passwords on macOS or iOS do you still see a passkey for your site? That's where I've had to go to also delete passkeys, and I wonder if it's the same place you're referring to when you mention, "user removed passkey from keychain (i.e. iCloud)" 🤔 |
Beta Was this translation helpful? Give feedback.
-
Hey @MasterKale, appreciate you taking the time to respond in your free time! Exactly my thought, I'm so puzzled by it. I can confirm that both my MacBook and iPhone no longer have the passkey
When I omit the excludeCredentials it would just create a new passkey every time (makes senses). So I would'v figured when you delete the passkey, it would create a new one. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hey all,
Wondering how you lads handle passkeys deleted by users on their device 🤔
Scenario:
In this scenario, our website still has the authenticator info stored, which we also add to the generateRegistrationOptions.excludeCredentials.
At this point it's impossible for a user to register the device again (at least it is for me... "The authenticator was previously registered") until the user removes the authenticator in our website backend themselves.
Is this the normal flow or am I missing something?
Edit: People can login with email etc, was just wondering about this part in general.
Cheers,
W
Beta Was this translation helpful? Give feedback.
All reactions