Closed asavageiv closed 5 months ago
Reading betwen the lines I think this appears to be mentioned here: https://github.com/heartcombo/devise/issues/5527#issuecomment-1407233859, specifically:
A concrete example I've run into is labelling passkeys for different subdomained apps: a solution there is to store the key as a resident key (for a pure passwordless experience), and clearly label the key through the username (eg: App A: email@test.com). This is more a UI problem the browser/OS implementations for keychain access. That's outside of the scope of what app developers have to deal with, since it's part of the larger OS (which we don't have control over).
Sorry for the delay in replying! The label
is required because it's best to make sure the user knows which key they're looking at when reviewing their passkeys after logging in. For example, a user could have the following passkeys, each of which should be labeled appropriately:
As an application, you could pre-fill these values (as certain implementations do), but each passkey should be labeled in some capacity to avoid confusion.
Oh yeah I've had this issue with MFA. An individual MFA doesnt need it but when I started to load multiple MFA TOTP codes into an app, I for sure wanted to know which one is which and much prefer not having to type that in myself.
Probably resolved from @tcannonfodder's explaination. Suggest can now be closed.
From that understanding it is not required. It's optional, but very useful. So we should probably update the docs. I'll take a quick pass at a PR.
The docs say
label:string (required, cannot be blank you'll want to scope it to the Devise-enabled model)
. Why is this required and what does it mean to be "scoped to the Devise-enabled model"? What is its purpose? I don't generally see "label" inputs on other Passkey enabled websites nor do I want one on mine, so what should its value be?