Erasing all browser data removes credential manager data - WebAuthN iOS 14+

Greetings, I've been working lately with the webauthn navigator feature in order to make user registrations and logins with Touch ID or any other sign option that the device might offer.

To give a quick context: in my webapp I register users using username + webauthn and store their credentials.id from navigator.credentials.create() and generate a pubKey that is being stored in local storage and in our DB, which is the same for the credential.id. Despite the fact that I can use my device to use my webapp after the creation of this account, and that using navigator.credentials.get() I'm able to log in with my account with no problem, if I go to settings > safari > clear all browser data & history I can end up destroying my access to my webapp, even though I have the credentials on my server.

Is this an expected behaviour?

If I do the same on different devices, this does not happen; in fact accounts are able to log in even if the browser does not have data anymore, since it only removes the browser data and not the Credential Manager data.

Also, for Mac devices these keys are only accessible per browser, which means that I have to link those different browsers as secondary devices so the user can log in at any browser that they have on their device. Is this expected?

This behavior is expected and documented here under "Unique Characteristics of Apple’s Platform Authenticator".

For new features related to WebAuthn, you should look into passkeys 🙂.
