Let me give you our example. We have a distributed server environment and are doing credentialID-based lookup. We use user id as a helper for lookup in this distributed environment for scalability purposes. The response server is not the same as the request server. And that is why userId is helpful to us even in a second factor case. As this is not optional in the CTAP spec, I see no reason for WebAuthN to hide this information.

I am closing this. Please reopen if someone does not agree.

--
GitHub Notification of comment by akshayku
Please view or discuss this issue at https://github.com/w3c/webauthn/pull/730#issuecomment-353406007 using your GitHub account

Received on Thursday, 21 December 2017 17:14:14 UTC
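The lookup pattern the comment describes, as an added example that is not part of the original message or the commenter's system: a credential store sharded by user ID, where a user handle returned with the assertion lets the responding server query one shard and reject a credential that does not belong to that user. The shard count, hash, and the names `shardFor`, `register` and `lookupCredential` are assumptions made for illustration.

```javascript
// Added example: constructed shard layout and names, not the commenter's system.
const SHARD_COUNT = 4; // assumed number of credential-store shards

// Each shard maps userHandle (hex) -> Map of credentialId (hex) -> record.
const shards = Array.from({ length: SHARD_COUNT }, () => new Map());

// FNV-1a over the handle bytes: a non-cryptographic hash used only for routing.
function shardFor(userHandle) {
  let h = 0x811c9dc5;
  for (const b of userHandle) {
    h = Math.imul(h ^ b, 0x01000193) >>> 0;
  }
  return h % SHARD_COUNT;
}

function register(userHandle, credentialId, publicKey) {
  const users = shards[shardFor(userHandle)];
  const userKey = userHandle.toString('hex');
  if (!users.has(userKey)) users.set(userKey, new Map());
  users.get(userKey).set(credentialId.toString('hex'), { userKey, publicKey });
}

// Returns the stored record (or null) and how many shards had to be queried.
function lookupCredential(credentialId, userHandle) {
  const credKey = credentialId.toString('hex');
  if (userHandle && userHandle.length > 0) {
    // Routed path: one shard, and the credential must be registered to the
    // user named by the handle, otherwise the lookup fails closed.
    const creds = shards[shardFor(userHandle)].get(userHandle.toString('hex'));
    const record = creds ? creds.get(credKey) : undefined;
    return { record: record || null, shardsQueried: 1 };
  }
  // No handle available: fan out across shards until the credential is found.
  let shardsQueried = 0;
  for (const users of shards) {
    shardsQueried += 1;
    for (const creds of users.values()) {
      if (creds.has(credKey)) return { record: creds.get(credKey), shardsQueried };
    }
  }
  return { record: null, shardsQueried };
}
```

Without the handle, the worst case touches every shard; with it, the cost is one query regardless of shard count.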