TsgcWSAPIServer_WebAuthn › Events › OnWebAuthnRegistrationValidateCredentialId
Fires during /register/verify to let the application check that the new credential id is unique in its user store.
public event TsgcWebAuthnOnRegistrationValidateCredentialIdHandler OnWebAuthnRegistrationValidateCredentialId;
// delegate void TsgcWebAuthnOnRegistrationValidateCredentialIdHandler(TObject Sender, string aCredentialId, out bool Accept)—
Fires while verifying the attestation response, before the credential is accepted. aCredentialId is the base64url-encoded credential id produced by the authenticator. Set Accept to false if the application already knows this credential id (collision, replay, stolen credential, etc.); the server will then reject the registration with a verification error. Use this event to enforce a global uniqueness constraint backed by your user database.