Replies: 2 comments
-
I'm not sure what data you want to store here. The OIDC access token is ephemeral as you just need it to acquire a bearer token from the identity provider, right? No reason to store it? Haven't implemented OIDC yet so I'm not sure here. The public key or credential ID from the user's authenticator that you receive from However whenever the user authenticates, they have to provide their user ID to you first. FIDO2 does not identify a user, it can only authenticate them. Otherwise it would be similar to that comic where a user enters a password and the response is something like "wrong user, did you mean
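Added example, not part of the thread or of any project's code: a Python sketch of the relying-party side described in the reply above, where the user supplies their user ID first and the RP looks up the credential IDs it stored at registration to build the options passed to `navigator.credentials.get()`. The `CredentialStore` class, its method names and all sample values are hypothetical.

```python
import base64
import secrets


def b64url(raw: bytes) -> str:
    """Base64url without padding, for carrying binary WebAuthn fields in JSON."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


class CredentialStore:
    """Hypothetical in-memory store; a real RP would back this with a database."""

    def __init__(self):
        self._by_user = {}   # user_id -> [{"id": bytes, "public_key": bytes}, ...]
        self._pending = {}   # user_id -> challenge issued for the ceremony in progress

    def register(self, user_id: str, credential_id: bytes, public_key: bytes) -> None:
        # Called once, after navigator.credentials.create() succeeded in the browser.
        self._by_user.setdefault(user_id, []).append(
            {"id": credential_id, "public_key": public_key})

    def request_options(self, user_id: str, rp_id: str) -> dict:
        # The user ID comes first: the authenticator does not tell the RP who is asking.
        creds = self._by_user.get(user_id)
        if not creds:
            raise KeyError("unknown user or no registered credential")
        challenge = secrets.token_bytes(32)      # fresh random value per ceremony
        self._pending[user_id] = challenge
        # Only the challenge and credential IDs go to the browser, which must decode
        # them to ArrayBuffers before calling navigator.credentials.get().
        return {
            "challenge": b64url(challenge),
            "rpId": rp_id,
            "allowCredentials": [
                {"type": "public-key", "id": b64url(c["id"])} for c in creds],
            "userVerification": "preferred",
        }

    def consume_challenge(self, user_id: str, returned: str) -> bool:
        # Single use: the stored challenge is removed whether or not it matches.
        expected = self._pending.pop(user_id, None)
        return expected is not None and secrets.compare_digest(b64url(expected), returned)


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", b"constructed-cred-id", b"constructed-public-key")
    print(store.request_options("alice", "merchant.example"))
```

Verifying the assertion signature against the stored public key is left to a WebAuthn server library and is not shown here.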
-
Closing as this would make more sense as a Discussion
-
Hello,
I offer the user to authenticate via an IODC/AES service, then I get a persistent access token (think of it as the bank card number) that identifies the user and its device on my service, then I offer the user to enroll with WebAuthn on another site (merchant site).
The next step is the request for the RP to get the public key for navigator.credentials.get({here}).
I don't know how to store this token, it's very sensitive data, so I was thinking of a way to get it from the device. I used this token as the user name in UserEntity when I created the creds.
I was also thinking of getting the cred IDs from the stored WebAuthn creds; those creds will be used to request (challenge ...) from the RP.
If you have any advice or suggestion I will be grateful :)
Thx