- From: Matthew Miller via GitHub <sysbot+gh@w3.org>
- Date: Tue, 27 May 2025 21:33:18 +0000
- To: public-webauthn@w3.org
There's now two mentions of "matching username" in this issue. Are these in reference to matching on [`PublicKeyCredentialEntity.name`](https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name) (`user.name`), or for [`PublicKeyCredentialUserEntity.id`](https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-id) (`user.id`)? `user.name` has never been used to determine when an authenticator should raise `InvalidStateError` during credential registration hence my trying to clarify this. This value in particular is arguably less static than `user.id`, especially since many RPs allow users to change their username/email address/etc... If we tried to key _anything_ off `user.name` then I can see behavior becoming unpredictable if e.g. an RP lets a user change their username but then doesn't call the corresponding Signal API to help the authenticator update its [otherUI](https://w3c.github.io/webauthn/#public-key-credential-source-otherui) with the same value. -- GitHub Notification of comment by MasterKale Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2296#issuecomment-2914114064 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 27 May 2025 21:33:21 UTC