Re: [webauthn] user id should be returned in get()

CredentialID is also PII. I'm not sure there's any difference in something that's in plaintext or need to be looked up in a DB (by the RP). Most RPs (including Google) can't key off of CredentialID and requiring this will be a major impediment to implementing this protocol (not only for us).

GitHub Notification of comment by christiaanbrand
Please view or discuss this issue at using your GitHub account

Received on Wednesday, 13 September 2017 14:25:58 UTC