atinux / nuxt-auth-utils

Add Authentication to Nuxt applications with secured & sealed cookies sessions.
MIT License

How to prevent creating a passkey if there was an error? #260

Closed larrasu closed 2 weeks ago

larrasu commented 3 weeks ago

I'm following nuxt-todo-passkeys. On the auth page, if a user already exists, it still creates a passkey. How do I avoid this?

atinux commented 3 weeks ago

It does not create a new user or a passkey in the database, but shows an error:

https://github.com/user-attachments/assets/33248242-d7f7-46ca-9ba4-8da959519a31

larrasu commented 3 weeks ago

What I mean is it still creates a passkey on the device. Here the todo-passkeys was able to create 2 passkeys on the device even if the user already exists.

https://github.com/user-attachments/assets/2fcf67db-0bbd-4921-b1f6-c8118c850ba6

I was expecting something like this:

https://github.com/user-attachments/assets/265add28-38b0-42af-95ee-6e611d35c3ef

atinux commented 3 weeks ago

cc @Gerbuuun

Gerbuuun commented 3 weeks ago

To prevent duplicate credentials, you should add existing credentials related to the given username to the excludeCredentials option in the getOptions function. I will create a PR to the nuxt-todo-passkeys with an example of how to do it after #266 is merged (which contains a type fix).

We might want to create an excludeCredentials function to the defineWebAuthnRegisterEventHandler just like the allowCredentials function in defineWebAuthnAuthenticateEventHandler.

edit: I added the excludeCredentials in the PR because otherwise the credential db query will run both on init and on verification. So the example will use the excludeCredentials function.
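
An added illustration, not code from this thread or from nuxt-auth-utils: a simplified model of how the excludeCredentials list mentioned above stops an authenticator from creating a second passkey for an existing user name. The sample rows and the names `excludeCredentialsFor`, `simulateCreate` and `register` are hypothetical, and the authenticator check is modelled here rather than being a real browser call.

```javascript
// Constructed sample rows: credentials the server already stores per user name.
const storedCredentials = [
  { userName: 'alice@example.com', id: 'cred-A1', transports: ['internal'] },
  { userName: 'alice@example.com', id: 'cred-A2', transports: ['usb', 'nfc'] },
  { userName: 'bob@example.com', id: 'cred-B1', transports: ['internal'] },
];

// Hypothetical helper: build the WebAuthn excludeCredentials descriptors for a user name.
// A real handler would run a database query here instead of filtering an array.
function excludeCredentialsFor(userName, rows = storedCredentials) {
  return rows
    .filter((row) => row.userName === userName)
    .map((row) => ({ type: 'public-key', id: row.id, transports: row.transports }));
}

// Simplified model of the authenticator side of navigator.credentials.create():
// if the device already holds a credential named in excludeCredentials,
// creation fails with InvalidStateError and no new passkey is written.
function simulateCreate(options, credentialIdsOnDevice) {
  const excluded = new Set((options.excludeCredentials ?? []).map((c) => c.id));
  const clash = credentialIdsOnDevice.find((id) => excluded.has(id));
  if (clash) {
    const err = new Error(`device already holds excluded credential ${clash}`);
    err.name = 'InvalidStateError';
    throw err;
  }
  return { id: `cred-new-${credentialIdsOnDevice.length + 1}` };
}

// Hypothetical registration flow: build options, then ask the (modelled) device.
function register(userName, credentialIdsOnDevice, { useExcludeList }) {
  const options = {
    user: { name: userName },
    excludeCredentials: useExcludeList ? excludeCredentialsFor(userName) : [],
  };
  try {
    return { created: true, id: simulateCreate(options, credentialIdsOnDevice).id };
  } catch (err) {
    return { created: false, error: err.name };
  }
}

// Same device (already holding cred-A1), without and with the exclude list.
console.log(register('alice@example.com', ['cred-A1'], { useExcludeList: false }));
console.log(register('alice@example.com', ['cred-A1'], { useExcludeList: true }));
```

The exclude list only stops authenticators that already hold one of the listed credentials, so the server-side check for an existing user is still needed for registrations attempted from a different device.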

atinux commented 3 weeks ago

v0.5.1 is out @Gerbuuun (thank you so much)