If a passkey is deleted (and within the 30 day undelete grace period) by the user in the Safari password manager and the user attempts to re-enroll the platform navigator using webauthn, we get: InvalidStateError: At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator. This seems pretty confusing because the user has deleted the passkey and it's not usable to authenticate anymore, so it shouldn't be matched against the excludedCredentials list. The user can workaround this by going into "Recently deleted" in the password manager and permanently deleting the offending credential.
<rdar://problem/118182303>
Pull request: https://github.com/WebKit/WebKit/pull/25499
Committed 275711@main (c0e1cd6ea54e): <https://commits.webkit.org/275711@main> Reviewed commits have been landed. Closing PR #25499 and removing active labels.
Committed 272448.1008@safari-7618-branch (b5489fabf4aa): <https://commits.webkit.org/272448.1008@safari-7618-branch> Reviewed commits have been landed. Closing PR #1276 and removing active labels.
Committed 272448.1011@safari-7618-branch (d868e430dea8): <https://commits.webkit.org/272448.1011@safari-7618-branch> Reviewed commits have been landed. Closing PR #1279 and removing active labels.
Reopened Bugzilla. [WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 day grace period, tracking revert in https://bugs.webkit.org/show_bug.cgi?id=264097.