- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Mon, 14 Feb 2022 17:18:36 +0000
- To: public-webauthn@w3.org
Most of the time they would mean the same thing, yes. There could be some esoteric cases where they're not, but this seems like a fair change to me. There is precedent in the spec for verifying against the `options` object, for example in [step 5 of ยง7.2. Verifying an Authentication Assertion](https://www.w3.org/TR/2021/REC-webauthn-2-20210408/#ref-for-dom-publickeycredentialrequestoptions-allowcredentials%E2%91%A0%E2%91%A3): >5. If _`options`_.[`allowCredentials`](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-allowcredentials) [is not empty](https://infra.spec.whatwg.org/#list-is-empty), verify that _`credential`_.[`id`](https://w3c.github.io/webappsec-credential-management/#dom-credential-id) identifies one of the [public key credentials](https://www.w3.org/TR/webauthn-2/#public-key-credential) listed in _`options`_.[`allowCredentials`](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialrequestoptions-allowcredentials). -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1699#issuecomment-1039346034 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Monday, 14 February 2022 17:18:38 UTC