Re: [webauthn] WebAuthn requestUserInfo -- easier account creation (#2336)

> Could requestUserInfo feature become a reason to expand the definition of ClientCapabilities to allow more dynamic feature values than boolean?

That seems more unwieldy, no?

```javascript
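// Hypothetical non-boolean shape: each capability holds a list of supported values.
// getClientCapabilities() resolves to an object, so destructure it by key.
let { userInfoIdentifier, userInfoAttribute } = await PublicKeyCredential.getClientCapabilities();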
if (userInfoIdentifier &&
    userInfoAttribute &&
    userInfoIdentifier.includes("phone") &&
    userInfoIdentifier.includes("email") &&
    userInfoAttribute.includes("name")) {
  // You can use requestUserInfo.
}
```

Compared to

```javascript
let capabilities = await PublicKeyCredential.getClientCapabilities();
if (capabilities["userInfoIdentifierEmail"] &&
    capabilities["userInfoAttributePhone"] &&
    capabilities["userInfoAttributeName"]) {
  // You can use requestUserInfo.
}
```

> Also @nsatragno it's still unclear to me from the explainer why, if identifier gets used for user.name and user.displayName, then why is name in a separate attribute? 

Here "name" is the user's natural name, like "Marisa Kirisame", as opposed to an email, like "mkirisame@example.com".

> This just seems like a collection mechanism for getting the user's name

It is! The point of this API is to provide a set of attributes that is enough to create an account with a site, and usually that requires a name. Of course, the user can still claim a fake name through the API.

> RPs are already expected to ask for this info out of band, so why are we adding a mechanism for requesting the user's name as well in the ceremony output? 

Hopefully usage of the API would allow sites to not have to ask for this information out of band.

-- 
GitHub Notification of comment by nsatragno
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2336#issuecomment-3457827147 using your GitHub account



Received on Tuesday, 28 October 2025 18:10:04 UTC