Hello all - We are in the testing & validation stage of our Kratos platform, and we are using Passwordless + WebAuthn logins (NO passwords). When a user creates an account, and links their WebAuthn credential (on a PC/Desktop) - what is the graceful or recommended method for that user to now login on their iPhone (which has a separate WebAuthn keystore)? Current examples I found on the Web use: "Device Linking Codes" - where the site displays an 8digit code on the NEW device, which must be entered on the currently trusted device. I have searched Slack history, Kratos Docs, and Google for solutions (maybe my search phrasing is bad?...)

Hello Ron, forgive me maybe I misunderstand the question, but on an iPhone the recommended login method would be FaceId or TouchId. I think the exemplary react native UI has implemented this, but I am not sure.

Hi @magnificent-energy-493 Yes correct. Assume I registered on my iPhone with passwordless WebAuthn. Now I want to login to my account using my Window PC. Is there a graceful method in Kratos to add/adopt the Windows PC; avoiding an account recovery (not graceful.) The common method I see around the web, on sites like Github and Plex; is the new/unauthorized device will display an 8-char "LINK CODE". I would then login with my iPhone+WebAuthn; and choose a "Link a new device" - where I enter the 8-char link code. Now the Windows PC browser updates, and prompts to register as a WebAuthn device.

What about “Windows Hello”? It seems that supports OIDC as well. But we are also working on a code strategy: https://github.com/ory/kratos/pull/2645 I think that is exactly what you are looking for @flaky-helicopter-75047?