...
Jira Legacy server System Jira serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JWEBAUTHN-12 Add a guard to check a user who has already registered a webauthn credential can not bypass webauthn authentication when registering a new one (under certain MFA configurations that allow some kind of alternate authentication to be used to bootstrap credentials).
In other flows, this is covered by requesting the correct authentication method/class principal etc
Is hard to think of all the options for trying to bootstrap the initial key, but I’ve tried to improve the documentation around this.
Jira Legacy server System Jira serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JWEBAUTHN-11 Pull user.id, user.name, and user.displayName from the attribute context for use when registering a new credential
Jira Legacy server System Jira serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JWEBAUTHN-8 Added an admin flow for admins to manage other users credentials. Only supports searching and removal for now.
Finishing the docs
3rd Alpha released. Will get a beta out before the end of the month. Hopefully not long after that for a v1.
...