[webauthn] correct usage of userHandle? (#1385) from Sacha Weatherstone via GitHub on 2020-03-06 (public-webauthn@w3.org from March 2020)

From: Sacha Weatherstone via GitHub <sysbot+gh@w3.org>
Date: Fri, 06 Mar 2020 22:57:36 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-577219050-1583535455-sysbot+gh@w3.org>

sachaw has just created a new issue for https://github.com/w3c/webauthn:

== correct usage of userHandle? ==
I am trying to implement WebAuthn, and am unsure how the userHandle attribute should be, as there seems to be some conflicting information.
Should userHandle be uniquely identifying to both the user and credential, or just the user (i.e. have a unique identifier for a given credential or just use the users id for the userHandle attribute)
also, why would it not be ok to use the credentialId as the unique identifier for a credential in my database, and use that to identify the credential and lookup the user.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1385 using your GitHub account

Received on Friday, 6 March 2020 22:57:38 UTC