You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This change may be backwards-incompatible: RPs would still have to set a displayName value in case the browser hasn't yet updated to WebAuthn L3 and therefore would return an error instead of assigning displayName the new default value.
There's too much of a foot gun for RP's right now to consider omitting displayName when displayName: "" would maintain backwards compatibility with clients that hadn't updated to support optional displayName, if that change were to be made to the spec.
I vote we close this issue out, the benefits don't seem to outweigh the potential risks.
This was brought up in #1942: Since PR #1932, the description of
PublicKeyCredentialUserEntity.displayName
includes:The motivation for this being that setting
displayName
to empty seemed preferable to setting bothname
anddisplayName
to the same value. With this in mind, shouldPublicKeyCredentialUserEntity.displayName
be made optional, defaulting to an empty string?The text was updated successfully, but these errors were encountered: