235344 2022-01-18 18:32:10 -0800 [WebAuthn] Clearing Safari history "clears" all Platform credentials leading to zombie credentials on FIDO server 2022-01-25 18:33:18 -0800 1 1 1 Unclassified WebKit WebKit Misc. Safari 15 iPhone / iPad iOS 15 NEW InRadar P2 Normal --- 1 arshad.noor webkit-unassigned bfulgham pascoe webkit-bug-importer oldest_to_newest 1831920 0 arshad.noor 2022-01-18 18:32:10 -0800 Steps to reproduce: (tested on https://demo.strongkey.com/basicdemo or https://demo.strongkey.com/fidopolicy - Minimum-Any-Hardware-Authenticator policy) 1. Register a platform credential with a userid and TouchID (OK) 2. Authenticate with the newly generated credential (OK) 3. Clear browser history (OK) 4. Authenticate with the newly generated credential (Not OK - prompts to login with Security Key) When using MacBook, macOS Big Sur 11.6, Safari 15: similar results. When using MacBook, macOS Big Sur 11.6, Google Chrome 80.x: I can successfully authenticate using Platform credentials as long as I do NOT clear "Passwords and other sign-in data" from Advanced tab of "Clear browsing data" - the Basic tab does not delete passwords and other sign-in data. The Safari UX is a poor one for users who know their userid and where their credential is still available in the site's FIDO Server - that userid can neither be used to register a new Platform credential, nor can it be used to authenticate with the previously registered credential - thus creating a "zombie" credential on the FIDO server. 1833962 1 webkit-bug-importer 2022-01-25 18:33:18 -0800 <rdar://problem/88055729>