Re: [webauthn] Fix #609: Formally define User Handle

That's what the TODO is supposed to figure out:

>with the understanding that Jeffrey will write up some language which says authenticators should never return userid (or any account info for that matter) when a signature was requested using a CredentialID [this means it's being used as a second factor].

My gut says it should probably be `undefined` in that case.

GitHub Notification of comment by emlun
Please view or discuss this issue at using your GitHub account

Received on Tuesday, 10 October 2017 00:18:26 UTC