How to have Devicename


richard redpath

Dec 3, 2023, 5:48:53 AM
to FIDO Dev (fido-dev)
I understand the DisplayName in which the iPhone says "passkey for Tom Cedric" on the display glass when registering a passkey. And that's fine. And this registration is saved for the Fido Server. But what is the official procedure to name the device so I can manage devices by name for a user?
If I register my iPhone and my Android I have no idea from the Register complete payload the device name.
I set up the payload to call the RegisterComplete and certainly I can have custom code in the Fido server to look for a DeviceName passed, but there has to be some standard known to pass in a device name to manage users and their devices that they can identify later when listing all devices for a user at some database that has stored them.




Nicholas Irving

Dec 3, 2023, 2:46:21 PM
to richard redpath, FIDO Dev (fido-dev)
IIRC the spec does not mention device nor cater for it as the passkey is fluid and could be found on any device that the credential store is stored on. I could have misunderstood that requirement, but even Apple mention this at https://support.apple.com/en-au/102195

So not sure you can use a passkey purely to identify a unique device, more that it was from a device. You can see a list of AAGUIDs here https://github.com/passkeydeveloper/passkey-authenticator-aaguids that can help identify the type of device.

You could try and work around this through the exclusion list if you know it is a device you have not seen before and get them to register a new passkey and tie the 2 together in your db.

Tl;dr passkeys roam between devices so can be used by any one of them.

Regards
Nicholas Irving 


My1

Dec 3, 2023, 3:59:16 PM
to richard redpath, FIDO Dev (fido-dev)
The display name in the user object is the name of the user, not the device, mainly to differentiate different accounts. It is not saved on the RP or really needed by it; it is only saved on your device when using resident credentials, in order to make sure you are signing into the right account.

Any good RP would let you set a custom name for each device which is 100% unrelated to the user.displayName.

Emil Lundberg

Dec 4, 2023, 4:49:15 AM
to My1, richard redpath, FIDO Dev (fido-dev)
There's also a new getClientExtensionResults().credProps.authenticatorDisplayName extension attribute that was recently merged into the WebAuthn spec, which could help out with this in the future. Note that this is not currently available in any implementation, and since it's an extension there's no guarantee the attribute will be available even when most browsers support the updated extension.

Emil Lundberg

Senior Software Engineer | Yubico




richard redpath

Dec 4, 2023, 5:08:12 AM
to FIDO Dev (fido-dev), Emil Lundberg, richard redpath, FIDO Dev (fido-dev), My1
That was my thought
     "Any good RP would let you set a custom name for each device which "
I was not sure whether to ask the user when registering for a name for the device. I have two iPhones and an Android
and I need to identify them, two of which are for work.

As for the ClientExtensionResult I did go down this path and did not see it available yet.

Thanks for the sanity check.
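
An added example, not part of any post in this thread: one way an RP could label a newly registered credential, combining the three suggestions above (a name typed by the user, credProps.authenticatorDisplayName when a client returns it, and an AAGUID lookup). The function names and the AAGUID table entry are constructed for illustration; the byte layout follows the WebAuthn authenticator data format.

```javascript
// Added example, not from the thread. Parses WebAuthn authenticatorData and
// picks a management label for a newly registered credential.

// Constructed AAGUID -> model entry; a real RP would load a list such as the
// passkey-authenticator-aaguids repository linked in the thread.
const KNOWN_AAGUIDS = {
  "00112233-4455-6677-8899-aabbccddeeff": "Example Authenticator (constructed)",
};

const hex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | credId | COSE key
function parseAttestedCredential(authData) {
  if (authData.length < 37) throw new Error("authenticatorData too short");
  const flags = authData[32];
  if ((flags & 0x40) === 0) return null; // AT flag clear: no attested credential data
  if (authData.length < 55) throw new Error("truncated attested credential data");
  const h = hex(authData.subarray(37, 53));
  const aaguid = `${h.slice(0, 8)}-${h.slice(8, 12)}-${h.slice(12, 16)}-${h.slice(16, 20)}-${h.slice(20)}`;
  const credIdLen = (authData[53] << 8) | authData[54];
  if (authData.length < 55 + credIdLen) throw new Error("credential ID overruns buffer");
  // BE flag (0x08): the credential may be synced, so it is not bound to one device.
  return { aaguid, credentialId: hex(authData.subarray(55, 55 + credIdLen)), backupEligible: (flags & 0x08) !== 0 };
}

// Precedence: user-typed name > credProps.authenticatorDisplayName (often
// absent) > AAGUID lookup > generic fallback. Labels are untrusted input.
function chooseLabel(parsed, clientExtensionResults, userSuppliedName) {
  const clean = (s) => (typeof s === "string" ? s.replace(/[\u0000-\u001f\u007f]/g, "").trim().slice(0, 64) : "");
  const fromUser = clean(userSuppliedName);
  if (fromUser) return fromUser;
  const fromExt = clean(clientExtensionResults?.credProps?.authenticatorDisplayName);
  if (fromExt) return fromExt;
  const model = parsed && KNOWN_AAGUIDS[parsed.aaguid];
  return model || "Unnamed passkey";
}

// Constructed sample: zeroed rpIdHash, flags UP|UV|BE|AT (0x4d), 4-byte credential ID.
function sampleAuthData() {
  const buf = new Uint8Array(37 + 16 + 2 + 4);
  buf[32] = 0x4d;
  buf.set([0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff], 37);
  buf[54] = 4; // credIdLen = 0x0004 (big-endian)
  buf.set([0xde, 0xad, 0xbe, 0xef], 55);
  return buf;
}
```

The label is stored per credential ID, so a synced passkey (backupEligible true) keeps one name even when it is used from several devices.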