FIDO2 - Conformance API - username / userhandle


Dani Mező

Dec 16, 2021, 5:27:12 AM
to FIDO Dev (fido-dev)
Hi devs, Yuriy,

So I noticed that in the Authentication ceremony, for both requests, the client sends user info to the server in the conformance API (username & userHandle). Why is that? Is it not sufficient to send a username in the original and get on with it? Why is it needed to send down the userID as well? Is it not the server's responsibility to figure that out?

1st request:
dictionary ServerPublicKeyCredentialGetOptionsRequest {
    required DOMString username;
    UserVerificationRequirement userVerification = "preferred";
};

2nd request:
dictionary ServerAuthenticatorAssertionResponse : ServerAuthenticatorResponse {
    required DOMString clientDataJSON;
    required DOMString authenticatorData;
    required DOMString signature;
    required DOMString userHandle;
};

Cheers, Daniel