Re: [webauthn] Fix #720: Don't return user handle in 2nd factor mode

Let me give you our example.

We have a distributed server environment and is doing credentialID based lookup. We use user id as a helper for lookup in this distributed environment for scalability purposes. The response server is not the same as request server. And that is why, userId is a helpful to us even in a second factor case. 

As this is not optional in CTAP spec, I see no reason for WebAuthN to hide this information. 

I am closing this. Please reopen if someone does not agree. 

GitHub Notification of comment by akshayku
Please view or discuss this issue at using your GitHub account

Received on Thursday, 21 December 2017 17:14:14 UTC