
Re: [webauthn] Why does credentialId need to be unique across all users? (#1403)

From: Evan Heaton via GitHub <sysbot+gh@w3.org>
Date: Tue, 07 Apr 2020 17:12:17 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-610511460-1586279536-sysbot+gh@w3.org>
Even in the case of resident keys, won't the authenticator return the selected user handle alongside the assertion? Then, based on that received user handle the RP could look up just the credentials for that user, find the match for credentialId (since it would be unique within the scope of that user), and continue with the assertion verification.

GitHub Notification of comment by epheat
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1403#issuecomment-610511460 using your GitHub account
Received on Tuesday, 7 April 2020 17:12:20 UTC
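
The lookup described in the message above, as an added example that is not part of the original message or of the WebAuthn specification: a relying-party store keyed by user handle and credential ID. `CredentialStore`, `find_for_assertion`, `session_user` and the sample data are hypothetical names and constructed values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StoredCredential:
    user_handle: bytes
    credential_id: bytes
    public_key: bytes  # constructed placeholder, not a real COSE key

class CredentialStore:
    """Hypothetical RP store keyed by (user handle, credential ID)."""

    def __init__(self) -> None:
        self._by_user = {}  # user_handle -> {credential_id: StoredCredential}

    def register(self, cred: StoredCredential) -> None:
        creds = self._by_user.setdefault(cred.user_handle, {})
        if cred.credential_id in creds:
            raise ValueError("credential ID already registered for this user")
        creds[cred.credential_id] = cred

    def find_for_assertion(self, credential_id: bytes,
                           user_handle: Optional[bytes] = None,
                           session_user: Optional[bytes] = None) -> StoredCredential:
        # user_handle: response.userHandle returned with the assertion.
        # session_user: user identified before the ceremony (assumed, e.g. by username).
        if (user_handle is not None and session_user is not None
                and user_handle != session_user):
            raise LookupError("userHandle does not match the identified user")
        owner = user_handle if user_handle is not None else session_user
        if owner is None:
            # No user scope: an ID shared by two users cannot be resolved.
            hits = [c[credential_id] for c in self._by_user.values()
                    if credential_id in c]
            if len(hits) != 1:
                raise LookupError("credential ID unknown or ambiguous")
            return hits[0]
        cred = self._by_user.get(owner, {}).get(credential_id)
        if cred is None:
            raise LookupError("credential not registered to this user")
        return cred

def demo() -> CredentialStore:
    # Constructed data: two users whose credentials share one ID.
    store = CredentialStore()
    shared_id = bytes.fromhex("a1b2c3d4")
    store.register(StoredCredential(b"user-alice", shared_id, b"pk-alice"))
    store.register(StoredCredential(b"user-bob", shared_id, b"pk-bob"))
    return store
```

With a user handle in scope the shared ID resolves to one public key; with no user scope the same ID is rejected as ambiguous, which is the case global uniqueness would otherwise cover.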
