[webauthn] correct usage of userHandle? (#1385)

sachaw has just created a new issue for https://github.com/w3c/webauthn:

== correct usage of userHandle? ==
I am trying to implement WebAuthn, and am unsure how the userHandle attribute should be, as there seems to be some conflicting information.
Should userHandle be uniquely identifying to both the user and credential, or just the user (i.e. have a unique identifier for a given credential or just use the users id for the userHandle attribute)
also, why would it not be ok to use the credentialId as the unique identifier for a credential in my database, and use that to identify the credential and lookup the user.

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1385 using your GitHub account

Received on Friday, 6 March 2020 22:57:38 UTC