Is there any way I can validate only one authenticator device allow to register one time in RP? #362
-
|
Hello I want to implement logic to handle one device can only register one time in my RP server. Since device like YubiKey can register multiple time in one RP with difference public key and credential id is there any information that unique per device that I can use for this validation? Thank. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hi! This sounds like a duplicate of issue #354. Does that thread answer your question? In short, the answer depends on whether you want to prevent registering the same authenticator to the same account more than once (this is possible, and the library does this automatically) or prevent registering the same authenticator to more than one account (this is impossible by the design of WebAuthn). |
Beta Was this translation helpful? Give feedback.
-
|
Oh yes thank you it's answer my question. I want to prevent registering the same authenticator to more than one account in one RP. Since this is not possible I have to find another way. |
Beta Was this translation helpful? Give feedback.
-
|
Just out of curiosity: why do you want to prevent that? |
Beta Was this translation helpful? Give feedback.
Hi! This sounds like a duplicate of issue #354. Does that thread answer your question?
In short, the answer depends on whether you want to prevent registering the same authenticator to the same account more than once (this is possible, and the library does this automatically) or prevent registering the same authenticator to more than one account (this is impossible by the design of WebAuthn).