| Step # | Action | Expected | Actual | Matches Expected | Details |
| 1. | |||||
| Simulate an old security key registration | |||||
| 2. | |||||
| 3. | |||||
| Attempt to register as trusted device | |||||
| 4. | |||||
| Upgrade security key registration to trusted device | |||||
| 5. | |||||
| 6. | |||||
| 7. | |||||
This journey simulates a situation where an RP implements a trusted device feature, but has users with legacy registrations whose UV & PA status is not known.
These steps simulate the "worst case" where the RP has no
information during step 4 about any potential existing registrations that
may work with the current device (and therefore all registrations are
listed in excludeCredentials).
Step 2 uses:
"authenticatorSelection": {
"userVerification": "discouraged"
}
Step 4 uses:
"authenticatorSelection": {
"authenticatorAttachment": "platform",
"userVerification": "required"
}
// ...
"excludeCredentials: [/* all registered credentials */]"
"authenticatorSelection": {
"authenticatorAttachment": "platform",
"userVerification": "required"
}
// ...
"excludeCredentials: [/* all registered credentials except the one identified in step 5 */]"