Does anyone know where Safari/macOS stores discoverable WebAuthn credentials? I can't find anything resembling it in keychain access or Safari itself. I'm talking about regular key, not passkey. Is there a way to find and delete it? Or am I stuck with that credential forever in the dropdown "saved account" list in Safari?
Thanks Adam! I wonder what would happen in iOS 16 and macOS 13 with passkey creation if iCloud keychain is disabled? Will it create a "local" passkey or throw an error?
On Fri, Jun 24, 2022 at 8:58 PM 'Adam Langley' via FIDO Dev (fido-dev) <fido...@fidoalliance.org> wrote:
For non-passkey credentials created in prior versions, I don't believe that theres any way to manage them. (At least I've never seen one short of factory resetting the device.)
Emil Lundberg
You'll still have access to cross-device flows when iCloud Keychain is disabled.
Said differently, you can still use a credential from your phone or tablet on macOS when iCloud Keychain is disabled.
Tim Cappalli | m: +1 (617) 701-7149 • @timcappalli
did:ion:EiBgPHSLu66o1hQWT7ejtsV73PfrzeKphDXpgbLchRi32w
The cross-device flow, including the components like the QR code, is standardized as part of the next version of CTAP.
Sorry, I don't really understand the question first question. Proximity is always required.
tim
I don’t want to drastically side-track my original topic, but since we already touched the cross-device flow, may I ask couple more questions? I noticed when I try to use caBLE feature in Chrome on macOS, the QR code it generates is recognized by an iPhone, so I wonder if the proximity between Chrome on macOS and the iPhone is not required like in the case of Chrome on macOS and Android?
Also, that QR code is essentially a string like “FIDO:/big integer”. What is that string? Is it a sort of deep link? Is it standardized across all mobile OS versions?
Thanks Adam and Tim, you answered all my questions. Can you point me to the place in the CTAP that describes that feature?