[webauthn] Can PublicKeyCredentialUserEntity.id be null? (#1702) from John Pascoe via GitHub on 2022-02-23 (public-webauthn@w3.org from February 2022)

From: John Pascoe via GitHub <sysbot+gh@w3.org>
Date: Wed, 23 Feb 2022 20:26:16 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-1148541310-1645647975-sysbot+gh@w3.org>

pascoej has just created a new issue for https://github.com/w3c/webauthn:

== Can PublicKeyCredentialUserEntity.id be null? ==
Hi, I have recently been looking at bugs related to null user handle. The user handle in the response is clearly required, but the I'm a little unclear if PublicKeyCredentialUserEntity.id can be specified as null. The text in the spec says 

> The [user handle](https://www.w3.org/TR/webauthn-2/#user-handle) MUST NOT be empty, though it MAY be null.

and 

> required [BufferSource](https://heycam.github.io/webidl/#BufferSource)   [id](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-id);

Am I correct in understanding that an RP cannot pass a null PublicKeyCredentialUserEntity.id and the text in the spec only refers to userHandleResult possibly being null?

Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1702 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 23 February 2022 20:26:18 UTC