Re: [webauthn] Revisit description of userHandle (#1909) from Arian van Putten via GitHub on 2023-06-27 (public-webauthn@w3.org from June 2023)

From: Arian van Putten via GitHub <sysbot+gh@w3.org>
Date: Tue, 27 Jun 2023 19:58:27 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-1610131343-1687895905-sysbot+gh@w3.org>

The spec also says:

> [Discoverable credentials](https://w3c.github.io/webauthn/#discoverable-credential) store this identifier and return it as [response](https://w3c.github.io/webauthn/#dom-publickeycredential-response).[userHandle](https://w3c.github.io/webauthn/#dom-authenticatorassertionresponse-userhandle) in [authentication ceremonies](https://w3c.github.io/webauthn/#authentication-ceremony) started with an [empty](https://infra.spec.whatwg.org/#list-empty) [allowCredentials](https://w3c.github.io/webauthn/#dom-publickeycredentialrequestoptions-allowcredentials) argument.

Which kind of implies that a Discoverable credential should return `userHandle`

It makes sense that it is non-required in the `authenticatorAssertionResponse` as non-discoverable credentials can not return a `userHandle`

-- 
GitHub Notification of comment by arianvp
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1909#issuecomment-1610131343 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 27 June 2023 19:58:29 UTC