How to prevent creating a passkey if there was an error?

[larrasu]

I'm following nuxt-todo-passkeys. On the auth page, if a user already exists, it still creates a passkey. How do I avoid this?

[atinux]

It does not create a new user either a passkey in database but show an error:

CleanShot.2024-10-27.at.14.41.40.mp4

[larrasu]

What I mean is it still creates a passkey on the device. Here the todo-passkeys was able to create 2 passkeys on the device even if the user already exists.

Screen.Recording.2024-10-27.at.11.01.00.AM.mov

I was expecting something like this:

webauthn.mov

[atinux]

cc @Gerbuuun

[Gerbuuun]

To prevent duplicate credentials, you should add existing credentials related to the given username to the excludeCredentials option in the getOptions function. I will create a PR to the nuxt-todo-passkeys with an example of how to do it after #266 is merged (which contains a type fix).

We might want to create an excludeCredentials function to the defineWebAuthnRegisterEventHandler just like the allowCredentials function in defineWebAuthnAuthenticateEventHandler.

edit: I added the excludeCredentials in the PR because otherwise the credential db query will run both on init and on verification. So the example will use the excludeCredentials function.

[atinux]

v0.5.1 is out @Gerbuuun (thank you so much)