Re: [webauthn] No way to select an intended authenticator during authentication with attachment info

Ah yes, section 4.4 is indeed inconsistent as you point out. But doesn't `allowCredentials` already enable these features? Of course that assumes the RP has stored device metadata in the registration ceremony, but the RP would need that metadata anyway in order to verify that the user agent obeys the `authenticatorSelection`.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 3 October 2017 13:30:33 UTC