Re: [webauthn] credential ID returned by authenticatorGetAssertion() is optional if allowList has exactly one member from =JeffH via GitHub on 2017-06-16 (public-webauthn@w3.org from June 2017)

From: =JeffH via GitHub <sysbot+gh@w3.org>
Date: Fri, 16 Jun 2017 23:17:15 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-309160109-1497655034-sysbot+gh@w3.org>

Hm, if the authnr's returning of Credential ID is optional in the case where the webauthn client invokes `authenticatorGetAssertion()` with exactly one credential descriptor in allowCredentials[], then in this case the client needs to maintain state -- the Cred ID -- until the call to `authenticatorGetAssertion()` returns and then set {{PublicKeyCredential/[[identifier]]}} to the saved value, yes?  And that saved value needs to be in some global-to-the-window object (or roughly equivalent) I'm guessing?

Is this a case of "snapshotting" ?

I took a stab at doing this in https://github.com/w3c/webauthn/pull/498/commits/31a8f855649dd120141d7ed42290d39e8c1d897e

/cc @bzbarsky @jyasskin @jcjones 

-- 
GitHub Notification of comment by equalsJeffH
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/472#issuecomment-309160109 using your GitHub account

Received on Friday, 16 June 2017 23:17:21 UTC