Comments (3)
I would also tend to "This passkey cannot be used anymore", because from the user's perspective the passkey is present (the browser suggests that the user use it), but the website is not accepting the passkey anymore. In the upcoming <hanko-profile> element, we should hint the user accordingly before a passkey gets removed. I don't know about the use case that an admin can delete a user's passkey, but when the user is the only one that can delete passkeys, the suggested error message should be fine. "Invalid passkey" and "Passkey not found" are valid options too, but maybe we should be a little bit more precise, when we know, under normal circumstances, the passkey was there in the past.
from hanko.
I agree on this.
I have some thoughts on this though.
A new user who has just been introduced to the technology could get very skeptical about it if they don't understand that it's a problem out of their hands. If they think that it is a problem on their device, it would make them try to avoid the technology going forward. If it's stated that it's a problem like a server error, database error etc., they know that it's not the technology, but a problem on the app or service.
A couple of suggestions:
- "This passkey cannot be used anymore", as you said. However, it could make them think that the passkey is still stored somewhere or that it has been blocked. Could also show that there's something wrong with the passkey itself. But it's still describing the problem.
- "Invalid passkey". Short, but describes the problem. It's also in line with the WebAuthn error message, but not too technical for the average user. But again, it could lead to a user thinking the passkey itself is not working, or that the user did something wrong.
- "Passkey not found". More technical, but still describes the idea of the error. Shows the user that there's nothing wrong with the passkey, but that it just hasn't been found.
These three don't really satisfy my first thought, but I can't really come up with anything else, and I'm not really in on any of them, so more suggestions would be amazing.
Have a nice day
from hanko.
Thanks for your thoughts. Some additional context:
This error message is shown when the server does not accept the passkey. This may be due to:
- The user deleted the (server-side) passkey in their profile settings (not yet supported, but we're working on it)
- The admin deleted the (server-side) passkey for the user
- The user does not exist anymore
In all cases, the passkey on the user's devices is still present and will pop up when the user tries to sign in. I wanted to let the message reflect that there is no technical error or something wrong, but it is up to the user to delete the passkey from their device because it will never work again.
from hanko.