Firstyear
Firstyear
> As a quick note from a phone belt I have time to write more: I was mislead by the title of the original issue into believing it was already...
Right, so it's the other way around - the specification (like everything in oidc/oauth) is so poorly written that I had it confused as being the inverse. This is a...
Well the bigger issue here is firefox not offering to set the PIN on first use. Is there a mozilla bug about that somewhere? Ive had a look and see...
> If that's the case, a solution might be to allow `userVerification` to be disabled only in combination with a password, perhaps as an alternative to TOTP in the Password...
> > I'd rather Firefox just fix their implementation at this point. It's been years since webauthn was introduced, let alone passkeys. It's been the direction of authentication for the...
I actually think that potentially the best thing here is a separate service with it's own ui, and it has an api token that allows it to create users. That...
I have lots of thoughts on this, I think making it separate is the "most flexible" if only because it allows people to expose it in a separate way to...
I think would be related to #996
I'm not sure every deployment wants/needs that though. But also this issue is a bit ambiguous becuse it could be referring to a service-desk style feature to send the pw...
That's part of the challenge here, is reset link policy is site specific. This adds more surface area to configuration of this flow, but by default I think we'd have...