Re: [webauthn] Questions about user handle when supporting usernameless (#1559) from Ki-Eun Shin via GitHub on 2021-02-10 (public-webauthn@w3.org from February 2021)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Feb 2021 01:31:19 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-776365331-1612920678-sysbot+gh@w3.org>

The `user.id` is the value provided (and assigned) by RP. The way to generate such value is up to RPs. Some RPs just generate hash value of username of the account. 
Whether the user account is already created or not, the RP should assign `user.id` before calling create call. And, the RP should somehow track the challenge/response. 
I don't think any value for adding `userHandle` for the attestation response. RP can maintain user.id just like other values for the attestation request.




-- 
GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1559#issuecomment-776365331 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 10 February 2021 01:31:20 UTC