[webauthn] Move `allowList` from optional to default on `getAssertion`

bifurcation has just created a new issue for 

== Move `allowList` from optional to default on `getAssertion` ==
The relying party cannot use an assertion from a credential for which 
it does not have the public key.  So the API should only allow an RP 
to `getAssertion` from a credential whose ID it provides.  This just 
requires moving `allowList` from the `options` argument to 
`getAssertion` to the main method signature.

Please view or discuss this issue at 
https://github.com/w3c/webauthn/issues/221 using your GitHub account

Received on Wednesday, 28 September 2016 06:38:29 UTC