Problem
Right now, find_credentials() semantically acts as "find credentials + select credential". This is a bit confusing, as the name of the method suggests that it should just return all the credentials rather than find+select.
Proposal
To add explicit support for handling multiple credentials, it may be a good idea to add another trait method select_credential() to CredentialStore like the following:
```rust
async fn select_credential(&self, available_creds: Vec<Self::PasskeyItem>) -> Result<Self::PasskeyItem, StatusCode> {
    // Default trait implementation selects the first credential for backwards compatibility.
    // Take ownership of the first item (`first()` would only yield a reference).
    available_creds
        .into_iter()
        .next()
        .ok_or(StatusCode::from(Ctap2Error::NoCredentialsError))
}
```

This could allow new consumers to opt into separate behavior for lookup vs. select while not breaking existing consumers.
Considerations
Splitting up finding and selecting may be expensive for certain implementations of the store, and the authenticator doesn't do anything special with the value except pass it on to the next method, so requiring the consumer to split up these methods might be more trouble than it's worth?
Alternatives
An alternative would be to provide all the found credentials to UserValidationMethod::check_user() and do selection at that point. This may be useful for setups where credentials require some sort of user interaction (e.g. biometric match) in order to release the credential, in which case "UserValidationMethod" feels appropriate. However, this mixes UI and storage, which may be separate in most cases, and the name of the method doesn't suggest that credential selection should happen here either.
Originally posted by @iinuwa in #76 (comment)
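The split proposed above, worked through as an added example; this is not code from the issue or from the project it discusses. The trait, type and method names (`CredentialStore`, `PasskeyItem`, `StatusCode`, `MemoryStore`, `MruStore`, `get_assertion_credential`) are assumptions that mirror the sketch, the methods are synchronous rather than async so the example runs without a runtime, and the credential data is constructed. It shows the default `select_credential` keeping first-match behaviour for an unchanged store, a second store overriding only selection, and `find_credentials` enforcing the RP-scoping check regardless of which selection policy is in use.

```rust
// Added example (not the project's code): lookup and selection as separate trait methods.

/// Stand-in for the store's credential record (constructed for this example).
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct PasskeyItem {
    pub credential_id: Vec<u8>,
    pub rp_id: String,
    pub last_used: u64, // constructed "last used" counter, consumed by MruStore below
}

/// Stand-in for the CTAP2 status the store reports back.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum StatusCode {
    NoCredentials,
}

pub trait CredentialStore {
    /// Lookup only: every credential scoped to `rp_id` (and named in `allow_list`, if one was sent).
    fn find_credentials(&self, rp_id: &str, allow_list: Option<&[Vec<u8>]>)
        -> Result<Vec<PasskeyItem>, StatusCode>;

    /// Selection only. The default keeps the first-match behaviour, so existing
    /// stores need no change; a store overrides it to opt in to its own policy.
    fn select_credential(&self, available: Vec<PasskeyItem>) -> Result<PasskeyItem, StatusCode> {
        available.into_iter().next().ok_or(StatusCode::NoCredentials)
    }
}

/// The authenticator side: lookup, then selection, as two separate calls.
pub fn get_assertion_credential<S: CredentialStore>(
    store: &S,
    rp_id: &str,
    allow_list: Option<&[Vec<u8>]>,
) -> Result<PasskeyItem, StatusCode> {
    let found = store.find_credentials(rp_id, allow_list)?;
    store.select_credential(found)
}

/// In-memory store that relies on the default (first-match) selection.
pub struct MemoryStore {
    pub items: Vec<PasskeyItem>,
}

impl CredentialStore for MemoryStore {
    fn find_credentials(&self, rp_id: &str, allow_list: Option<&[Vec<u8>]>)
        -> Result<Vec<PasskeyItem>, StatusCode> {
        // RP scoping is the security-relevant check: a credential for one RP must
        // never be offered for another, whatever the allow list names.
        let matches: Vec<PasskeyItem> = self
            .items
            .iter()
            .filter(|c| c.rp_id == rp_id)
            .filter(|c| allow_list.map_or(true, |ids| ids.iter().any(|id| *id == c.credential_id)))
            .cloned()
            .collect();
        Ok(matches)
    }
}

/// Store that opts in to a different policy: the most recently used credential wins.
pub struct MruStore {
    pub inner: MemoryStore,
}

impl CredentialStore for MruStore {
    fn find_credentials(&self, rp_id: &str, allow_list: Option<&[Vec<u8>]>)
        -> Result<Vec<PasskeyItem>, StatusCode> {
        self.inner.find_credentials(rp_id, allow_list)
    }

    fn select_credential(&self, available: Vec<PasskeyItem>) -> Result<PasskeyItem, StatusCode> {
        available.into_iter().max_by_key(|c| c.last_used).ok_or(StatusCode::NoCredentials)
    }
}

/// Constructed sample data: two credentials for example.com, one for another RP.
pub fn sample_store() -> MemoryStore {
    let item = |id: u8, rp: &str, last_used: u64| PasskeyItem {
        credential_id: vec![id],
        rp_id: rp.to_string(),
        last_used,
    };
    MemoryStore {
        items: vec![
            item(1, "example.com", 100),
            item(2, "example.com", 200),
            item(3, "other.example", 300),
        ],
    }
}
```

With `sample_store()`, `get_assertion_credential(&store, "example.com", None)` returns credential `[1]` through the default and `[2]` through `MruStore`; an allow list of `[[1]]` narrows the MRU store back to `[1]`, and an RP with no credentials yields `StatusCode::NoCredentials` from `select_credential` rather than from the lookup. The consideration raised in the issue still applies: the authenticator here only forwards the `Vec` between the two calls, so a store that cannot cheaply materialise all matches gains nothing from the split.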