W3C home > Mailing lists > Public > public-webauthn@w3.org > February 2021

Re: [webauthn] Questions about user handle when supporting usernameless (#1559)

From: Ki-Eun Shin via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Feb 2021 01:31:19 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-776365331-1612920678-sysbot+gh@w3.org>
The `user.id` is the value provided (and assigned) by RP. The way to generate such value is up to RPs. Some RPs just generate hash value of username of the account. 
Whether the user account is already created or not, the RP should assign `user.id` before calling create call. And, the RP should somehow track the challenge/response. 
I don't think any value for adding `userHandle` for the attestation response. RP can maintain user.id just like other values for the attestation request.

GitHub Notification of comment by Kieun
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1559#issuecomment-776365331 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 10 February 2021 01:31:20 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 10 February 2021 01:31:21 UTC