Standardizing AAGUID-to-Device Mapping for Better User Experience #742
Replies: 1 comment 3 replies
-
|
@MasterKale , any suggestions? |
Beta Was this translation helpful? Give feedback.
-
|
The FIDO Alliance now has a Convenience Metadata Service that offers RPs a way to map AAGUID to a credential manager name without needing to manually maintain such mappings. The current Having just said all that, I'm now going to create an issue to track this work 🤔 |
Beta Was this translation helpful? Give feedback.
-
|
You can follow #743 if you're interested in my adding this new MDS feature to SimpleWebAuthn. |
Beta Was this translation helpful? Give feedback.
-
|
@MasterKale , thanks !! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm trying to provide a better user experience by showing users exactly which device or provider they used (e.g., "iCloud Keychain" or "Google Password Manager") to create passkey
Currently, verifyRegistrationResponse returns the AAGUID in authenticator data, but mapping this to a human-readable name requires a separate metadata lookup. I've noticed that many common synced passkey AAGUIDs (like Apple's or Google's) aren't in the official FIDO MDS.
My questions:
What is the recommended "industry standard" way to handle this mapping? Is it better to pull from the FIDO MDS, or should I rely on community-maintained lists like passkey-authenticator-aaguids?
Are there plans or existing helpers within SimpleWebAuthn to assist with this "friendly name" resolution, or is the philosophy to keep metadata management strictly outside the core library?
How do others handle the 00000000-0000-0000-0000-000000000000 (anonymous) AAGUID case when trying to give users a clear list of their registered devices?
Beta Was this translation helpful? Give feedback.
All reactions