Skip to content

Rename webauthn_id in README examples to avoid ambiguity#502

Open
ttanimichi wants to merge 4 commits into
cedarcode:masterfrom
ttanimichi:rename-webauthn-id
Open

Rename webauthn_id in README examples to avoid ambiguity#502
ttanimichi wants to merge 4 commits into
cedarcode:masterfrom
ttanimichi:rename-webauthn-id

Conversation

@ttanimichi

@ttanimichi ttanimichi commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

The README examples used the same name webauthn_id for two distinct concepts: the User Handle stored on the user, and the Credential ID stored on each credential. Using one name for both is confusing, so this PR renames them in the example code:

  • user.webauthn_iduser.webauthn_user_handle
  • credential.webauthn_idcredential.credential_id
  • user.credentialsuser.webauthn_credentials

@ttanimichi ttanimichi changed the title docs: Rename webauthn_id in README examples to avoid ambiguity docs: Rename webauthn_id in README examples to avoid ambiguity Jun 28, 2026
@ttanimichi ttanimichi changed the title docs: Rename webauthn_id in README examples to avoid ambiguity Rename webauthn_id in README examples to avoid ambiguity Jun 28, 2026
@santiagorodriguez96

Copy link
Copy Markdown
Contributor

Thanks for this, @ttanimichi – and for the companion PR adding the generate_webauthn_user_handle alias.

Happy to take that user.webauthn_id to user.webauthn_user_handle renaming. user.credentials to user.webauthn_credentials is fine too.

The one I'm not sold on is credential.webauthn_id to credential.credential_id. Once the user attribute is renamed, webauthn_id is no longer overloaded – it only refers to the credential's ID at that point, so the ambiguity you're describing is already resolved. Beyond that, I actually find webauthn_id the clearer name here: it feels to me that credential.credential_id reads a bit redundantly and blurs the line with the record's own id.

@ttanimichi

Copy link
Copy Markdown
Contributor Author

@santiagorodriguez96 Thank you for your comment. Fixed 6dccf50

santiagorodriguez96 pushed a commit that referenced this pull request Jul 3, 2026
Follow-up to #502

The value returned by `WebAuthn.generate_user_id` is actually a
[user handle](https://www.w3.org/TR/webauthn-2/#user-handle), not a user id —
it's an opaque, randomly generated value that the spec recommends to *not*
contain any personally identifying information. The name `generate_user_id`
is misleading because it suggests using an application's own user identifier.

This PR adds `WebAuthn.generate_user_handle` as a clearer, spec-aligned name
and updates the README to use it. `WebAuthn.generate_user_id` is kept as an
alias, so this is fully backwards compatible.
@santiagorodriguez96

Copy link
Copy Markdown
Contributor

@ttanimichi There're some conflicts after having merged #503 👀

@ttanimichi

Copy link
Copy Markdown
Contributor Author

@santiagorodriguez96 I've resolved the merge conflicts and fixed a minor code comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants