You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We currently have two separate pools for passkey and U2F tokens. Since most clients can only handle a single token for an WebAuthN OP, this led to problems when using the same device for Passkey and U2F, where the second one wins over the first.
The session API already has a single webauthn challenge, where depending on the user_verification flag, possible tokens / devices are allowed.
We should move the tokens / devices into a single list so that a device can only be used once.
The text was updated successfully, but these errors were encountered:
We currently have two separate pools for passkey and U2F tokens. Since most clients can only handle a single token for an WebAuthN OP, this led to problems when using the same device for Passkey and U2F, where the second one wins over the first.
The session API already has a single webauthn challenge, where depending on the user_verification flag, possible tokens / devices are allowed.
We should move the tokens / devices into a single list so that a device can only be used once.
The text was updated successfully, but these errors were encountered: