duo-labs / webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.
https://webauthn.io
BSD 3-Clause "New" or "Revised" License

Logging in with the username "test" results in an error #55

Closed nharper closed 1 year ago

nharper commented 2 years ago

Today, when trying to log in with a username of "test", I got the error "The allowCredentials attribute exceeds the maximum allowed size (64)". This error comes from Chrome's implementation (https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/credentialmanagement/credentials_container.cc;l=929?q=allowCredentials%2064&ss=chromium).

It appears the cause of this is that "test" is a popular username, so many people have registered keys with that name. When performing a login, webauthn.io client code requests all registered IDs for the given username from the server, and puts all of them in allowCredentials.

One possible fix for this would be to limit how many keys can be registered for a given username.
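The mitigation sketched in the comment above, as an added example that is not part of the original post or of the webauthn.io code base: a per-username cap enforced at registration, plus a login-side guard that builds `PublicKeyCredentialRequestOptions` and refuses to exceed Chrome's 64-entry `allowCredentials` limit. The registry, the `registerCredential`/`buildRequestOptions` function names, the value of `MAX_CREDENTIALS_PER_USERNAME`, the `rpId` and the credential IDs are all assumptions constructed for the example.

```javascript
// Added example (not webauthn.io code): keep a popular username like "test"
// from ever producing an allowCredentials list that the browser rejects.

// Chrome rejects navigator.credentials.get() when allowCredentials has more
// than 64 entries (the error quoted in the issue). Treated here as a hard cap.
const MAX_ALLOW_CREDENTIALS = 64;

// Hypothetical server-side policy, well below the browser limit so a user who
// legitimately owns several authenticators still has headroom.
const MAX_CREDENTIALS_PER_USERNAME = 10;

// In-memory registry: username -> array of credential IDs (Uint8Array).
// Constructed stand-in for the site's database.
function createRegistry() {
  return new Map();
}

function bytesEqual(a, b) {
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) if (a[i] !== b[i]) return false;
  return true;
}

// Registration-time check (the fix proposed in the issue): refuse a new
// credential once the username already holds MAX_CREDENTIALS_PER_USERNAME.
function registerCredential(registry, username, credentialId) {
  const existing = registry.get(username) || [];
  if (existing.length >= MAX_CREDENTIALS_PER_USERNAME) {
    return { ok: false, reason: `username "${username}" already has ${existing.length} credentials` };
  }
  // A re-registered authenticator must not grow the list.
  if (existing.some((id) => bytesEqual(id, credentialId))) {
    return { ok: false, reason: "credential already registered" };
  }
  registry.set(username, [...existing, credentialId]);
  return { ok: true, count: existing.length + 1 };
}

// Login-time defence in depth: build the request options and fail with a
// clear server-side error instead of letting the browser reject the call.
function buildRequestOptions(registry, username, challenge) {
  const ids = registry.get(username) || [];
  if (ids.length > MAX_ALLOW_CREDENTIALS) {
    throw new RangeError(
      `allowCredentials would have ${ids.length} entries; browser maximum is ${MAX_ALLOW_CREDENTIALS}`
    );
  }
  return {
    challenge,
    rpId: "webauthn.io", // assumption: the demo site's RP ID
    userVerification: "preferred",
    allowCredentials: ids.map((id) => ({ type: "public-key", id })),
  };
}

// Constructed, deterministic 16-byte credential IDs (distinct for n < 256)
// so the example runs offline without a real authenticator.
function fakeCredentialId(n) {
  const id = new Uint8Array(16);
  for (let i = 0; i < id.length; i++) id[i] = (n * 31 + i * 7) & 0xff;
  return id;
}

// Simulate the "test" username: many registrations, then one login attempt.
function simulatePopularUsername(attempts) {
  const registry = createRegistry();
  let accepted = 0;
  for (let n = 0; n < attempts; n++) {
    if (registerCredential(registry, "test", fakeCredentialId(n)).ok) accepted++;
  }
  const options = buildRequestOptions(registry, "test", new Uint8Array(32));
  return { accepted, allowCredentialsLength: options.allowCredentials.length };
}
```

The cap belongs on the server, since the client code described in the issue simply forwards whatever ID list the server returns; the login-side `RangeError` only turns the cryptic browser message into an actionable one if the policy is ever bypassed. A demo site could also sidestep per-username enumeration entirely by relying on discoverable credentials and sending an empty `allowCredentials`, but that changes which authenticators can be used, so it is a separate design decision.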

MasterKale commented 1 year ago

Good catch, I didn't account for this in the revamp of the site (#58) so it's probably still an issue. Leaving this open for now.