MasterKale
commented
1 year ago @Radiergummi Thank you for the PR! I like this upgrade to the example project, not too complex but really helps clarify how RP's can leverage sessions for tracking expected challenges.
Aside from my one request I think this is good to go.
This PR adds sessions to the example app, which can be used to store the current challenge in. This provides better guidance to users trying to implement passkey flows using SimpleWebAuthn. Ideally, the passkey docs could be expanded a little to bring the general concept across - once you know how it works, it's immediately clear the ephemeral challenge will need to be stored separately, and sessions are a great fit for that.
This will solve #103, #325, and aid users landing in discussion #321.
I hope this helps you a little, @MasterKale :)