passwordless-id / webauthn

Webauthn / passkeys helper library to make your life easier. Client side, server side and demo included.
https://webauthn.passwordless.id
MIT License
455 stars, 53 forks

Question about addition of credential.getClientExtensionResults() on registration object #15

Closed mattmazzola closed 1 year ago

mattmazzola commented 1 year ago

Related to #14, as I was looking at the available data and which pieces of information I could use as a user id, I came across: PublicKeyCredential/getClientExtensionResults

I wondered if it could be used here to supply "extra" data to the returned object. I'm not very familiar with these APIs so perhaps it is not useful, but I thought it was worth asking. Can close if it's not applicable. https://github.com/passwordless-id/webauthn/blob/f6e63f038cf53741cc1a745326ec5e7cea0bfb67/src/client.ts#L110-L119

dagnelies commented 1 year ago

Hi.

I feel like there are some things mixed up in the question, or I perhaps misinterpreted it.

  1. First, a user might have multiple credentials. Basically, one per device.
  2. I think it is better to let the user freely choose a username and use it as id directly, then associate all credentials of the user with that account. The webauthn protocol itself will not provide you a user "id", how could it? It will only provide an "id" of the key pair it generated.
  3. Currently, protocol extensions are not supported in this library but I would be wary of their proper support across all browsers/platforms/devices.
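The account-to-credential model described in points 1 and 2, as an added example that is not code from the passwordless-id/webauthn library: the application picks the user id (a username chosen by the user), every credential is stored under the credential id the authenticator returned, and one account can own several credentials. The last function shows the defensive way to consume client extension outputs given point 3: they are treated as an optional hint that may simply be absent. Record shapes, function names, the `credProps`/`rk` lookup and the sample data are assumptions made for this example.

```javascript
'use strict';
// Added example, not code from the passwordless-id/webauthn library.
// Models the account <-> credential relationship from the comment above:
// the application picks the user id (here the username) and each WebAuthn
// credential is stored under the credential id the authenticator produced.
// Record shapes, function names and the sample data are assumptions.

class CredentialStore {
  constructor() {
    this.users = new Map();             // username -> Map<credentialId, record>
    this.ownerOfCredential = new Map(); // credentialId -> username
  }

  // Called after a successful registration. `registration` carries what a
  // server keeps from the attestation: the credential id (base64url), the
  // public key and its COSE algorithm, plus optional transports.
  registerCredential(username, registration) {
    const { credentialId, publicKey, algorithm, transports = [] } = registration;
    if (typeof username !== 'string' || username.length === 0) {
      throw new TypeError('username must be a non-empty string');
    }
    if (typeof credentialId !== 'string' || credentialId.length === 0) {
      throw new TypeError('credentialId must be a non-empty base64url string');
    }
    // A credential id identifies one key pair on one authenticator; binding
    // it to two accounts would make a later login resolve ambiguously.
    if (this.ownerOfCredential.has(credentialId)) {
      throw new Error(`credential ${credentialId} is already registered`);
    }
    let creds = this.users.get(username);
    if (!creds) {
      creds = new Map();
      this.users.set(username, creds);
    }
    creds.set(credentialId, { credentialId, publicKey, algorithm, transports });
    this.ownerOfCredential.set(credentialId, username);
    return creds.size; // number of credentials the account now has
  }

  // For registration options of a user who already has credentials: listing
  // them in excludeCredentials stops the same authenticator being enrolled twice.
  excludeCredentials(username) {
    const creds = this.users.get(username);
    if (!creds) return [];
    return [...creds.values()].map(c => ({
      id: c.credentialId, type: 'public-key', transports: c.transports,
    }));
  }

  // An assertion only carries the credential id; the server maps it back to
  // the account and to the stored public key that must verify the signature.
  resolveCredential(credentialId) {
    const username = this.ownerOfCredential.get(credentialId);
    if (username === undefined) return null;
    return { username, credential: this.users.get(username).get(credentialId) };
  }
}

// Client extension outputs are optional and vary by browser and platform, so
// they are only ever a hint. Returns true/false when the credProps extension
// reported whether the key is discoverable (resident) and null when the
// client said nothing, which the caller must treat as "unknown".
function discoverableKeyHint(credential) {
  if (typeof credential.getClientExtensionResults !== 'function') return null;
  const results = credential.getClientExtensionResults() || {};
  const rk = results.credProps && results.credProps.rk;
  return typeof rk === 'boolean' ? rk : null;
}

// Constructed sample data standing in for two registrations on two devices.
function demo() {
  const store = new CredentialStore();
  store.registerCredential('alice', { credentialId: 'AQIDBA', publicKey: 'pk-laptop', algorithm: -7, transports: ['internal'] });
  store.registerCredential('alice', { credentialId: 'BQYHCA', publicKey: 'pk-phone', algorithm: -7, transports: ['hybrid'] });
  const login = store.resolveCredential('BQYHCA');
  // Constructed objects mimicking PublicKeyCredential with and without extension output.
  const withProps = { getClientExtensionResults: () => ({ credProps: { rk: true } }) };
  const withoutProps = { getClientExtensionResults: () => ({}) };
  return {
    credentialCount: store.excludeCredentials('alice').length,
    loginUser: login && login.username,
    hintWith: discoverableKeyHint(withProps),
    hintWithout: discoverableKeyHint(withoutProps),
  };
}
```

The global `ownerOfCredential` index is what makes login work: the assertion names a credential id, not a user, so the server has to resolve the owner from that id before it can fetch the public key to verify with. The `null` return from `discoverableKeyHint` is deliberate; collapsing "the client said nothing" into `false` would silently change behaviour on platforms that do not implement the extension.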

mattmazzola commented 1 year ago

The webauthn protocol itself will not provide you a user "id", how could it?

Yes, I didn't expect webauthn to be providing it, but in #14 I saw the library is defining an ID and I had proposed exposing it and this caused me to think about what other data could be on the returned registration object.

protocol extensions are not supported in this library but I would be wary of their proper support across all browsers/platforms/devices

Ok, yes, having wide support seems like a good concern for something like authentication. I will close then.