Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changing the definition of Reauthentication #22

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Changing the definition of Reauthentication #22

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 1 addition & 2 deletions HowToFIDO.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,7 @@ _Employing FIDO authenticators and the WebAuthn API in your sign-in flows: A gui
Note that this is *different* from creating an account with a
service in the first place.

- **Reauthentication** happens when a relying party already knows
who the user is, but would like to reconfirm this. For example,
- **Reauthentication** is a generic term widely used for reconfirming authentication of the user when the user is already known or authenticated. For example,
this happens before making sensitive changes to an account (add a
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that section 3 says "
Reauthentication might happen for the following reasons:

  • The user signed out and now wants to sign in again.

... "

If the user is signed out and now wants to sign in again, the user is not already authenticated...?

recovery email address, change the passwords, etc.): a relying
party would typically ask the user to re-enter their password or
Expand Down