Hello,
I offer the user to authenticate via un IODC/AES service, then i get a persistent access token (think of it as the bank card number) that identifies the user and it's device on my service, then i offer the user to enroll with webauthn in an other site (merchant site),
the next step is request for RP to get public key for navigator.credentials.get({here})
I dont know how to store this token, it's a very sensitive data, so i was thinking of a way to get it from the device. I used this token when i created the creds as user name in UserEntity.
i was thinking also on getting creds Ids from the stored webauthen creds, those creds will be used to request (challenge ...) from the RP.
if you have any advice or suggestion i will be grateful :)
Thx