- From: Boris Lykah via GitHub <sysbot+gh@w3.org>
- Date: Mon, 25 Apr 2022 19:41:33 +0000
- To: public-webauthn@w3.org
lykahb has just created a new issue for https://github.com/w3c/webauthn: == Clarify the valid values for user handle in the Authentication Assertion == The [5.4.3. User Account Parameters for Credential Generation](https://www.w3.org/TR/webauthn-2/#dictionary-user-credential-params) requires that the user handle must not be an empty string. However, the [5.2.2. Web Authentication Assertion (interface AuthenticatorAssertionResponse)](https://w3c.github.io/webauthn/#iface-authenticatorassertionresponse) does not explicitly say if userHandle may be an empty string. I would infer that it must be either null, or the same value as passed under `PublicKeyCredentialUserEntity` when registering. At the moment not all browsers have consistent behavior. For my authenticator (YubiKey) Firefox and Chromium always return `userHandle: null`. However, Safari returns `userHandle: ""`. I opened a [bug report](https://bugs.webkit.org/show_bug.cgi?id=239737) for Safari based on my understanding of the authentication part of the WebAuthn spec. Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1723 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 25 April 2022 19:41:34 UTC