Hi, is there a guideline from Apple to prevent re-enrollment from the same RP and same user ID, so that we don't create multiple passkeys for the same user account? We have a use case within the app to create passkeys on successful login, but currently there is no API [ASAuthorizationPlatformPublicKeyCredentialRegistrationRequest] available to pass excludedCredentials for the user ID sent by the RP [https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-excludecredentials] so that iOS can avoid creating new passkeys for the same user ID and same RP.
If we end up creating multiple passkeys for the same RP and same user ID, the RP basically has to maintain all the passkeys' public keys and credIds at its end, leading to authentication complexity.
Also, re-enrollment for the same user with the same RP leads to authentication failures [as the user might choose a different passkey credId from the modal than the one for which the challenge is requested] until the RP supports truly discoverable credentials.
We could say to replace passkeys during subsequent creation, but it would invalidate passkeys already shared with others or on synced devices on the web [that might work based off of storedCredId], which would already be creating passkeys or adopting WebAuthn on different browsers and creating a new credential there as well.
But ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequest has excludedCredentials, though.
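
An added example, not part of the original post and not Apple's API: a relying-party store that keeps several passkeys per user, builds the WebAuthn `excludeCredentials` list from them, and resolves the verification key from the credential ID an assertion returns. The class, method and sample names are hypothetical, and credential IDs are held as base64url strings that the client would decode to bytes.

```javascript
// RP-side credential registry (in-memory; hypothetical names, added example).
class CredentialRegistry {
  constructor() {
    this.byId = new Map();   // credentialId -> { userId, publicKey, transports }
    this.byUser = new Map(); // userId -> Set of credentialIds
  }

  // Store a newly registered passkey; a credential ID must be unique RP-wide.
  register(userId, credentialId, publicKey, transports = ["internal"]) {
    if (this.byId.has(credentialId)) {
      throw new Error("credential ID already registered");
    }
    this.byId.set(credentialId, { userId, publicKey, transports });
    if (!this.byUser.has(userId)) this.byUser.set(userId, new Set());
    this.byUser.get(userId).add(credentialId);
  }

  // Descriptors for PublicKeyCredentialCreationOptions.excludeCredentials:
  // every credential already registered for this user account.
  excludeCredentialsFor(userId) {
    const ids = this.byUser.get(userId) || new Set();
    return [...ids].map((id) => ({
      type: "public-key",
      id,
      transports: this.byId.get(id).transports,
    }));
  }

  // Look up the key by the credential ID the authenticator actually used,
  // not by one ID the RP expected. If a userHandle came back, it must match.
  resolveForAssertion(credentialId, userHandle) {
    const rec = this.byId.get(credentialId);
    if (!rec) return null;
    if (userHandle != null && userHandle !== rec.userId) return null;
    return rec;
  }
}

// Constructed sample data: one user who enrolled twice with the same RP.
function buildSampleRegistry() {
  const reg = new CredentialRegistry();
  reg.register("user-123", "credA", "pkA");
  reg.register("user-123", "credB", "pkB", ["internal", "hybrid"]);
  return reg;
}
```

Signature verification over the assertion then uses the `publicKey` of the returned record, so whichever passkey the user picks from the modal can be checked against its own key.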