Closed petrdvorak closed 2 months ago
Add optional operationId
to POST /fido2/assertions/challenge
. If filled, we load the operation instead of creating a new one.
I work with the table SELECT * FROM public.pa_operation ORDER BY timestamp_created DESC
. I retrieve the ID and call the endpoint with operationId — no new record is created in the table. I call the endpoint without operationId — a new record is created in the table.
Currently, combining multiple means of authentication on the web could result in multiple operations being created. We should allow requesting FIDO2 assertion challenge with the provided operation ID, so as to avoid this duplicity.