search

MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License
1.62k stars 137 forks source link

Default `userDisplayName` to empty string when not specified #536

Closed MasterKale closed 8 months ago

MasterKale commented 8 months ago

Describe the issue

The definition of PublicKeyCredentialUserEntity.displayName was refined in L3 to declare that it is preferable to set this value to an empty string when it's not needed:

A human-palatable name for the user account, intended only for display. The Relying Party SHOULD let the user choose this, and SHOULD NOT restrict the choice more than necessary. If no suitable or human-palatable name is available, the Relying Party SHOULD set this value to an empty string.

(Emphasis mine)

I should update generateRegistrationOptions() accordingly to match this behavior. Right now it defaults to the same value as userName when not specified.

MasterKale commented 7 months ago

This change is now available in the recently-published @simplewebauthn/server@10.0.0 ✌️