- From: David Waite via GitHub <noreply@w3.org>
- Date: Tue, 15 Jul 2025 20:02:11 +0000
- To: public-webauthn@w3.org
> * Call `get` with constant user ID and immediate mediation set. > * If it gets `NotAllowedError` call `create` with `onlyCreate` set with same constant user ID. I'm a bit confused. > Because for my use case, there ever will be only one account for a RP, so "any credential for RP returned by the client" is that credential known to RP. Is your goal to have a feature for RPs with single user accounts, to abolish the user handle since it is an internal implementation detail thats impeding a desired UX, or to abolish the user handle for another technical reason? Is the goal of this flag to prevent overwriting on a single authenticator, or to attempt to say only one credential should be allowed by the client for this `(rpId,userHandle)` pair across all currently visible authenticators? -- GitHub Notification of comment by dwaite Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2313#issuecomment-3075337551 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 15 July 2025 20:02:12 UTC