- From: =JeffH via GitHub <sysbot+gh@w3.org>
- Date: Wed, 21 Apr 2021 21:15:18 +0000
- To: public-webauthn@w3.org
@emlun wrote: > >[...] The user handle MUST NOT be empty, though it MAY be null. > I think this was supposed to mean that the user handle _parameter_ [`publicKey.user.id`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-publickeycredentialuserentity-id) MUST NOT be empty and MUST NOT be null, but the user handle _return value_ [`PublicKeyCredential.response.userHandle`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorassertionresponse-userhandle) MAY be null (for example when using a U2F authenticator or a non-discoverable credential). Is that right? I do not think the above was the original intent. AFAICT the user handle parameter [`publicKey.user.id`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-publickeycredentialuserentity-id) _**is** used for only credential creation_, and the "...though it MAY be null" clause is simply incorrect (I do not recall why I/we stated that, doh), because it is a [BufferSource](https://heycam.github.io/webidl/#BufferSource) type which is a union containing other nullable webIDL types and thus is not itself nullable (If I'm reading the WebIDL spec correctly). Perhaps we can resolve this issue by simply deleting the text ", though it MAY be null". [ WRT the user handle _return value_ [`PublicKeyCredential.response.userHandle`](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#dom-authenticatorassertionresponse-userhandle) possibly being null: yes, the spec explicitly declares that as a nullable ArrayBuffer. ] -- GitHub Notification of comment by equalsJeffH Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1598#issuecomment-824362445 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 21 April 2021 21:15:21 UTC