mylofi / webauthn-local-client

Browser-only utils for locally managing WebAuthn (passkey) API
https://mylofi.github.io/webauthn-local-client/
MIT License

Prevent overwriting passkeys when registering with the same User ID #1

Closed tonydangblog closed 3 months ago

tonydangblog commented 3 months ago

Issue

Currently, in the test app, if a user registers with the same User ID multiple times, any existing passkeys will be overwritten.

Changes

When registering a new passkey, send a map of credentials already associated with the user via excludeCredentials. This will be checked by the user agent to avoid creating a new credential on an authenticator that already has a credential mapped to the specified user.

Other changes

After making the changes, I ran into another issue:

If a user creates a passkey with one authenticator then creates another passkey on a second authenticator, the credentials stored in credentialsByID will be overwritten. To fix this, I updated the credentialsByID to store an array of credentials rather than just a single credential.
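
Added example (not part of the original PR and not the project's own code): a sketch of the two changes described above, keeping an array of credentials per user and turning that array into the standard WebAuthn excludeCredentials descriptor list. The store layout (a Map keyed by user ID), the base64url-encoded credential IDs, and all function names are assumptions made for illustration.

```javascript
// Hypothetical helpers; store is Map<userID, Array<{ credentialID, publicKey }>>,
// with credentialID held as a base64url string (an assumption of this example).

function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
}

// Append instead of assign, so a passkey from a second authenticator does not
// replace the first one. Re-adding a known credential ID is a no-op.
function addCredential(store, userID, cred) {
  const list = store.get(userID) ?? [];
  if (!list.some((c) => c.credentialID === cred.credentialID)) list.push(cred);
  store.set(userID, list);
  return list.length;
}

// One PublicKeyCredentialDescriptor per credential already held for this user.
function buildExcludeCredentials(store, userID) {
  return (store.get(userID) ?? []).map((c) => ({
    type: "public-key",
    id: b64urlToBytes(c.credentialID),
  }));
}

// Builds the publicKey options for navigator.credentials.create({ publicKey }).
function buildCreationOptions(store, { userID, userName, rpName, challenge }) {
  return {
    rp: { name: rpName },
    user: { id: new TextEncoder().encode(userID), name: userName, displayName: userName },
    challenge,
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    excludeCredentials: buildExcludeCredentials(store, userID),
  };
}

// Constructed sample data: one user ID registered on two authenticators.
function demo() {
  const store = new Map();
  addCredential(store, "user-1", { credentialID: "AQID", publicKey: "pk-A" });
  addCredential(store, "user-1", { credentialID: "_-8", publicKey: "pk-B" });
  return buildCreationOptions(store, {
    userID: "user-1", userName: "alice", rpName: "Example",
    challenge: new Uint8Array(32), // constructed placeholder; use fresh random bytes
  });
}
```

With these options, the user agent rejects create() with an InvalidStateError when the selected authenticator already holds one of the listed credentials, so the existing passkey is left in place.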

getify commented 3 months ago

looks good!