How to properly manage WebAuthn challenges?
I’m in the process of evaluating adding WebAuthn/Passkey support to a website, and I’m not really sure how to properly manage challenge nonces.
My understanding is that the main reason for using challenge nonces is to prevent replay attack…