search

davidearl / webauthn

An implementation of webauthn in PHP on the server side (e.g Yubico 2 and Google Titan keys)
https://webauthn.davidearl.uk
MIT License
132 stars 24 forks source link

register each yubikey only once #39

Open Nexulo opened 5 years ago

Nexulo commented 5 years ago

Is there a way to check in the register() function whether this yubikey or device has already been registered for the user?

At the moment I can register several devices for one user, but unfortunately it does not recognize if a device (yubikey) has already been registered for the user.

At the moment I can register the identical yubikey infinite times for the same user.

davidearl commented 5 years ago

There isn't currently, and to do it properly would require some kind of unique id for the device. Obviously that's related to device identification which you also commented on.

Having said that, it doesn't really matter if the device is registered more than once.

There is a pull request outstanding about identifying devices which I haven't had a chance to look at yet, but there the device is being named by the user.

imnpc commented 4 years ago

I have been test it work ok . maybe you can use this link : https://github.com/davidearl/webauthn/issues/14 if this user use the fido device >1, error info : InvalidStateError: An attempt was made to use an object that is not, or is no longer, usable