That's what the TODO is supposed to figure out: >with the understanding that Jeffrey will write up some language which says authenticators should never return userid (or any account info for that matter) when a signature was requested using a CredentialID [this means it's being used as a second factor]. My gut says it should probably be `undefined` in that case. -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/pull/616#issuecomment-335323576 using your GitHub accountReceived on Tuesday, 10 October 2017 00:18:26 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:28 UTC