Re: [webauthn] Contradiction in whether user handle is required

The RP is required to provide the user handle when creating a new credential: https://github.com/w3c/webauthn/pull/558#issuecomment-331535523 So I do think it makes sense to drop "optional" here. U2F devices will ignore it, and as that comment points out they won't be expected to return it since they're always used in 2nd factor mode.

However, I think that also means we need to change [authenticatorGetAssertion step 13][aga] and up the stack to include this behaviour.

[aga]: https://w3c.github.io/webauthn/#authenticatorGetAssertion-return-values

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/720#issuecomment-351116398 using your GitHub account

Received on Tuesday, 12 December 2017 17:04:48 UTC