passwordless-lib/fido2-net-lib

Inconsistent behaviour between passkey creation and login


I am trying to implement passkeys. During the passkey creation phase, I use the following parameters:

Attestation type: direct
Authenticator: not specified
User verification: discouraged
Resident key: required

The result (on Chrome for Windows) is:

[image]

I choose "Use a phone or tablet" and create the passkey on my phone using a QR code.

Later, during the login phase, I ask for the user's username and fill in the property AssertionOptions.AllowCredentials (I don't want to be usernameless).
The result is:

[image]

I have to cancel this pop-in to be able to access the same register interface with "Use a phone or tablet".

Is there any way to directly access the initial interface while passing some allowCredentials?

Per this thread on SO, https://stackoverflow.com/questions/75063504/webauthn-on-chrome-on-windows-skip-windows-dialog-in-favor-of-chrome-dialog, it may seem like this is default behavior on Chrome/Windows. In the login flow I'm getting this dialog every time, even though I do have BT enabled.

I'd very much love to hear from others what their experience is, especially on other systems.