Showcase recommended usage patterns
abergs opened this issue · 2 comments
These patterns do not need to include code but could simply serve as guidance for developers, describing the flow for different popular patterns.
e.g:
Login a user
describe use case and flow
Verify user action
describe use case and flow
Not sure if it helps, but one of my main points of confusion is how to safely register a 2nd device when using a TPM authenticator type.
Edit: Might be better to look into this at "spec" level? For example, I found this discussion: w3c/webauthn#151
Yes, that is a topic that has come up. Generally the recommendation is using a roaming authenticator to bootstrap multiple platform authenticators. You could come up with a way to use a device to on board another device. The way Keybase works always comes to mind.