Re: [webauthn] Fix #720: Don't return user handle in 2nd factor mode

I now agree that the user handle is not private information, but I don't see how the RP could not know the user's identity if the RP has already looked up a list of credential IDs for that user.

Either way, I see now that [CTAP's getAssertion method]( always returns the `` even in the 2nd factor case, so I support closing this. Sorry for wasting everyone's time on yesterday's call.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Thursday, 21 December 2017 14:03:04 UTC