Hi devs, Yuriy,
So I noticed that in the Authentication ceremony, for both requests, the client sends user info to the server in the conformance API (username & userHandle). Why is that? Is it not sufficient to send a username in the original request and get on with it? Why is it needed to send down the userID as well? Is it not the server's responsibility to figure that out?
1st request:

    dictionary ServerPublicKeyCredentialGetOptionsRequest {
        required DOMString username;
        UserVerificationRequirement userVerification = "preferred";
    };

2nd request:

    dictionary ServerAuthenticatorAssertionResponse : ServerAuthenticatorResponse {
        required DOMString clientDataJSON;
        required DOMString authenticatorData;
        required DOMString signature;
        required DOMString userHandle;
    };
Cheers, Daniel