WebAuthn

Background

This is a technical follow-up to the discussions we have had about whether a user is allowed to create more than a single account with Vectis on the same device / foundational ID.

In the current Onboarding flow, the WebAuthn credential is created BEFORE any account is created. This means that in the PublicKeyCredentialCreationOptions, the PublicKeyCredentialUserEntity has a randomly generated id.

This id MAY be used in authentication, i.e. when the user logs in or, in our case, signs a transaction, we can leave the CredentialDescriptor empty. In the [discoverable credential] model (which we are using), this means that passkeys are returned for all the credentials relevant to our rpID.

On the other hand, if Login requires interaction with a Vectis API, i.e. in the case of unlocking for VC, then it is possible to request a specific id that was created in Onboarding.

This method does not prevent the creation of multiple accounts unless we have a get-or-create type API available; however, this is still only under discussion.

Example

ICP has a good example that we need to upgrade to: it gets the credentialID, so there will only be 1 credential you can log in with, even if you have created a few different accounts (given you entered the correct id).
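
The two request shapes from Background and the credentialID pinning mentioned above, as an added example (not Vectis or ICP code). It assumes a placeholder rpID, hypothetical function names, and an in-memory Map as a simplified authenticator that keeps one discoverable credential per (rpId, user.id) pair.

```javascript
// Added example; RP_ID, onboard(), candidates() and demo() are hypothetical names.
const RP_ID = "vectis.example"; // placeholder rpID, not taken from the page
const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Onboarding runs before any account exists, so user.id is just random bytes.
function creationOptions(challenge, userId = globalThis.crypto.getRandomValues(new Uint8Array(32))) {
  return {
    challenge,
    rp: { id: RP_ID, name: "Vectis" },
    user: { id: userId, name: "vectis-user", displayName: "Vectis user" },
    pubKeyCredParams: [{ type: "public-key", alg: -7 }], // ES256
    authenticatorSelection: { residentKey: "required", userVerification: "required" },
  };
}

// Simplified authenticator: a discoverable credential is stored per
// (rpId, user.id); creating one for the same pair replaces the old one.
function onboard(store, options, credentialId) {
  const { rp, user } = options;
  store.set(`${rp.id}:${hex(user.id)}`, { rpId: rp.id, userHandle: user.id, credentialId });
  return credentialId;
}

// Login / transaction signing. Without a credentialId, allowCredentials is
// empty and every passkey for the rpID is eligible; with one, only that one is.
function requestOptions(challenge, credentialId = null) {
  const allowCredentials = credentialId ? [{ type: "public-key", id: credentialId }] : [];
  return { challenge, rpId: RP_ID, userVerification: "required", allowCredentials };
}

// Which stored passkeys the authenticator may use to answer a request.
function candidates(store, options) {
  const sameRp = [...store.values()].filter((c) => c.rpId === options.rpId);
  if (options.allowCredentials.length === 0) return sameRp;
  const allowed = new Set(options.allowCredentials.map((d) => hex(d.id)));
  return sameRp.filter((c) => allowed.has(hex(c.credentialId)));
}

// Constructed run: the same device goes through Onboarding twice.
function demo() {
  const store = new Map();
  const challenge = new Uint8Array(32); // constructed; a server sends fresh random bytes
  const first = onboard(store, creationOptions(challenge, Uint8Array.of(1, 1)), Uint8Array.of(0xa1));
  onboard(store, creationOptions(challenge, Uint8Array.of(2, 2)), Uint8Array.of(0xb2));
  const pinned = candidates(store, requestOptions(challenge, first));
  return { discoverable: candidates(store, requestOptions(challenge)).length, pinned: pinned.map((c) => hex(c.credentialId)) };
}
```

In a browser the option objects would be passed as `publicKey` to `navigator.credentials.create()` and `navigator.credentials.get()`.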