TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnRegistrationValidateCredentialId
Fires during /register/verify to let the application check that the new credential id is unique in its user store.
property OnWebAuthnRegistrationValidateCredentialId: TsgcWebAuthnOnRegistrationValidateCredentialId;
// TsgcWebAuthnOnRegistrationValidateCredentialId = procedure(Sender: TObject; const aCredentialId: String; var Accept: Boolean) of object—
Fires while verifying the attestation response, before the credential is accepted. aCredentialId is the base64url-encoded credential id produced by the authenticator. Set Accept to false if the application already knows this credential id (collision, replay, stolen credential, etc.); the server will then reject the registration with a verification error. Use this event to enforce a global uniqueness constraint backed by your user database.
procedure TForm1.sgcWSAPIServer_WebAuthn1WebAuthnRegistrationValidateCredentialId(
Sender: TObject; const aCredentialId: String; var Accept: Boolean);
begin
Accept := not CredentialExists(aCredentialId);
end;