Re: [webauthn] various issues with AppId extension

@leshi Oh right, that is a good point. Though I think in practice most users will probably have only one authenticator, which mitigates the impact. The RP could also somewhat work around it by trying both U2F and Webauthn credentials in two separate `getAssertion` calls, but it would be a pretty ugly user experience.

We could fix this by making the extension value a `[{ credentialId, appId }...]` list, or a `{ appId: [credentialId...] }` object or the like, but we'd hoped that the next releases would have no breaking changes. I can't say whether or not we'll do that.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/491#issuecomment-349439210 using your GitHub account

Received on Tuesday, 5 December 2017 20:58:09 UTC