To protect the credential sharing, the user should authenticate himself via webauthn to authorize an action like#
sending the credentials for a presentation
viewing specific information
We are not able to use the information from the oidc provider since the key is bound to the domain and can not be used here again.
The downside of this approach is that the user needs to register two webauthn approaches (one for authentication via keycloak when accessing the application, the other to trigger specific actions inside the application)
To protect the credential sharing, the user should authenticate himself via webauthn to authorize an action like#
We are not able to use the information from the oidc provider since the key is bound to the domain and can not be used here again.
The downside of this approach is that the user needs to register two webauthn approaches (one for authentication via keycloak when accessing the application, the other to trigger specific actions inside the application)