
[webauthn] Clarify which user to authenticate if userHandle is not present

From: milesstoetzner via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Sep 2018 11:14:55 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-362139295-1537442095-sysbot+gh@w3.org>
milesstoetzner has just created a new issue for https://github.com/w3c/webauthn:

== Clarify which user to authenticate if userHandle is not present ==
Maybe one should clarify Step 2 of [Verifying an authentication assertion](https://www.w3.org/TR/webauthn/#verifying-assertion) for the case that userHandle is not present:

>2. If credential.response.userHandle is present, verify that the user identified by this value is the owner of the public key credential identified by credential.id.
**If credential.response.userHandle is not present, the owner of the public key credential identified by credential.id is the user to authenticate.**

Greetings, 
Miles

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1078 using your GitHub account
Received on Thursday, 20 September 2018 11:14:57 UTC
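
The step 2 wording proposed in the message above, expressed as relying-party code. This is an added example, not part of the original message or the WebAuthn specification; the credential store, its sample entries and the function names are assumptions.

```javascript
// Constructed sample data: credential id (base64url) -> owning account.
// userHandle is the user id the relying party assigned at registration, kept as bytes.
const credentialOwners = new Map([
  ['Y3JlZC1hbGljZQ', { username: 'alice', userHandle: Uint8Array.from([1, 2, 3, 4]) }],
  ['Y3JlZC1ib2I', { username: 'bob', userHandle: Uint8Array.from([9, 9, 9, 9]) }],
]);

// Byte-wise comparison that does not stop at the first differing byte.
function bytesEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Hypothetical helper: returns the account to authenticate, or throws if step 2 fails.
// `credential` has the shape of a PublicKeyCredential from navigator.credentials.get().
function resolveUserToAuthenticate(credential, owners = credentialOwners) {
  const owner = owners.get(credential.id);
  if (!owner) throw new Error('unknown credential id');

  const handle = credential.response.userHandle; // ArrayBuffer, or null when absent
  if (handle === null || handle === undefined) {
    // userHandle not present: the owner of credential.id is the user to authenticate.
    return owner;
  }

  // userHandle present: it must identify the owner of credential.id.
  if (!bytesEqual(new Uint8Array(handle), owner.userHandle)) {
    throw new Error('userHandle does not match the owner of credential.id');
  }
  return owner;
}
```

The returned account is only the candidate user; the remaining verification steps, including the signature check against that credential's public key, still have to pass before the user is authenticated.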
