Skip to content

feat(pin): invalidate persistent tokens on rejection and PIN change (4/5)#234

Merged
AlfioEmanueleFresta merged 2 commits into
masterfrom
feat/pcmr-4-invalidation
Jun 7, 2026
Merged

feat(pin): invalidate persistent tokens on rejection and PIN change (4/5)#234
AlfioEmanueleFresta merged 2 commits into
masterfrom
feat/pcmr-4-invalidation

Conversation

@AlfioEmanueleFresta

@AlfioEmanueleFresta AlfioEmanueleFresta commented May 30, 2026
edited
Loading

Copy link
Copy Markdown
Member

Part 4 of 5 in a stack: #231, #232, #233, #234 (this), #235

This stack adds support for persistent pinUvAuthTokens (the CTAP 2.2+ pcmr permission), so a credential manager can list passkeys without re-prompting for the PIN on every launch or replug. Read-only credential management only.

This PR

Keeps stored tokens fresh:

  • If an authenticator rejects a stored token, it is evicted and a new one is minted transparently.
  • A local PIN change drops the stored token for that authenticator.
  • At mint time, a superseded token for the same device is cleaned up, while tokens belonging to other keys are left untouched.

This was referenced May 30, 2026
Merged
Merged
Merged
Merged
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from e150a60 to 0fee3aa Compare May 30, 2026 11:26
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch from 3c1df1f to bed6c79 Compare May 30, 2026 11:26
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from 0fee3aa to b16de46 Compare May 30, 2026 17:24
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch 2 times, most recently from ada22af to f38d6ee Compare May 31, 2026 21:07
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from b16de46 to e36c0cf Compare May 31, 2026 21:07
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch from f38d6ee to 35f9add Compare June 6, 2026 20:54
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from e36c0cf to 47a76d0 Compare June 6, 2026 20:54
@AlfioEmanueleFresta AlfioEmanueleFresta marked this pull request as ready for review June 6, 2026 20:57
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch from 35f9add to 7e7f379 Compare June 7, 2026 14:55
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from 47a76d0 to 682e81f Compare June 7, 2026 14:55
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch from 7e7f379 to 2fc406f Compare June 7, 2026 14:56
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-3-acquisition branch from 682e81f to a680927 Compare June 7, 2026 14:56
Base automatically changed from feat/pcmr-3-acquisition to master June 7, 2026 14:56
@AlfioEmanueleFresta AlfioEmanueleFresta force-pushed the feat/pcmr-4-invalidation branch from 2fc406f to 0283638 Compare June 7, 2026 14:56
@AlfioEmanueleFresta AlfioEmanueleFresta merged commit 518b97a into master Jun 7, 2026
5 checks passed
@AlfioEmanueleFresta AlfioEmanueleFresta deleted the feat/pcmr-4-invalidation branch June 7, 2026 14:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@AlfioEmanueleFresta