Add update to when to extend reuse section of RFD 155.

gravitational · Nov 15, 2024 · 441ccae · 441ccae
1 parent a98387e
commit 441ccae
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/rfd/0155-scoped-webauthn-credentials.md b/rfd/0155-scoped-webauthn-credentials.md
@@ -245,6 +245,12 @@ endpoints:
   - `http createWebSession`
   - `http deleteWebSession`
 
+Update: Minimizing which admin actions allow reuse has caused several issues
+in new bulk admin actions, most notably the new Discover flows. Other than the
+critical admin action endpoints listed above, most now allow reuse. It is
+instead left up to the client to be reasonable, only requesting a reusable MFA
+challenge in preparation for a bulk admin action.
+
 #### Expiration
 
 Webauthn challenges are always set to expire after 5 minutes. However, as we've