For the record, I implemented this in [authorize-jwt](https://github.com/davedoesdev/authorize-jwt). I leaves the (unsigned in this case) JWT verification unchanged and does the WebAuthn verification (signed, of course) as a separate step. -- GitHub Notification of comment by davedoesdev Please view or discuss this issue at https://github.com/w3c/webauthn/issues/902#issuecomment-394972861 using your GitHub accountReceived on Wednesday, 6 June 2018 07:42:50 UTC
This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:33 UTC