Re: [webauthn] "The user handle MUST NOT be empty, though it MAY be null" - but only in responses? (#1598) from Emil Lundberg via GitHub on 2021-04-21 (public-webauthn@w3.org from April 2021)

From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
Date: Wed, 21 Apr 2021 19:54:21 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-824317257-1619034860-sysbot+gh@w3.org>

2021-04-21 call:

The "though it MAY be null" was added in PR #1537. As we understand the WebIDL, the definition `required BufferSource   id;` is not _nullable_ - so null is indeed not a valid value for the `user.id` parameter, and "though it MAY be null" contradicts this. Also the authenticator model's credential-overwriting behaviour assumes it is non-null (like @MasterKale points out above).

So we could already conclude that "though it MAY be null" should be dropped or clarified.

-- 
GitHub Notification of comment by emlun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1598#issuecomment-824317257 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 21 April 2021 19:54:24 UTC