| Step # | Action | Expected | Actual | Matches Expected | Details |
| --- | --- | --- | --- | --- | --- |
| 1. | | | | | |
| Simulate first registration | | | | | |
| 2. | | | | | |
| 3. | | | | | |
| Attempt second registration | | | | | |
| 4. | | | | | |
| Identify existing registration | | | | | |
| 5. | | | | | |

This journey simulates a situation where a user already has a trusted device registration and then attempts to register the same device again.
These steps simulate the "worst case" where, during step 4, the RP has no information about which existing registrations may work with the current device, e.g. because the user has cleared their cookies or is using a fresh browser profile with synced credentials. The RP therefore lists all registrations in `excludeCredentials`.

Steps 2 and 4 use:

```js
"authenticatorSelection": {
  "authenticatorAttachment": "platform",
  "userVerification": "required"
},
// ...
"excludeCredentials": [/* all registered credentials */]
```
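
The following JavaScript is an added example, not code from the original page or the test suite it describes. It shows how an RP could build the registration options used in steps 2 and 4 with every stored credential in `excludeCredentials`, and how it could interpret the outcome of the second attempt. The helper names, the RP and user values, and the credential IDs are hypothetical or constructed.

```javascript
// Hypothetical helper names; credential records passed in are sample data.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Worst case from the journey: the RP cannot tell which stored credentials
// belong to this device, so every one of them goes into excludeCredentials.
function buildCreationOptions(rp, user, challenge, storedCredentials) {
  return {
    rp,
    user: { id: b64urlToBytes(user.handle), name: user.name, displayName: user.name },
    challenge, // must be fresh random bytes generated by the RP per ceremony
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    authenticatorSelection: {
      authenticatorAttachment: "platform",
      userVerification: "required",
    },
    excludeCredentials: storedCredentials.map((c) => ({
      type: "public-key",
      id: b64urlToBytes(c.id),
    })),
  };
}

// Map a rejection of navigator.credentials.create() to an RP decision.
function classifyCreateError(err) {
  switch (err && err.name) {
    case "InvalidStateError": // authenticator already holds an excluded credential
      return "already-registered";
    case "NotAllowedError":   // cancelled, timed out, or not permitted
      return "cancelled-or-denied";
    default:
      return "error";
  }
}

// Browser-only wrapper; resolves to a status object instead of throwing.
async function registerTrustedDevice(options) {
  try {
    const credential = await navigator.credentials.create({ publicKey: options });
    return { status: "registered", credential };
  } catch (err) {
    return { status: classifyCreateError(err) };
  }
}
```

`InvalidStateError` is raised only after the user has consented to the ceremony, so the RP learns that an excluded credential exists on the device only at that point.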