- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Fri, 14 Apr 2017 00:38:14 +0000
- To: public-webauthn@w3.org
@jyasskin wrote: > If `allowList` is empty [when getAssertion() is called], `credentialList` remains empty, and every authenticator is skipped... Good catch, thx. My understanding is that we need to make empty `allowList` work, and the semantics ought to be that if the `allowList`is empty, the RP is saying "please use any credential you may have associated with my RP ID", and on the client side a platform-specific procedure is used to determine whether any such credentials exist. Yes? -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/387#issuecomment-294056421 using your GitHub account
Received on Friday, 14 April 2017 00:38:20 UTC