Rename webauthn_id in README examples to avoid ambiguity#502
Rename webauthn_id in README examples to avoid ambiguity#502ttanimichi wants to merge 4 commits into
webauthn_id in README examples to avoid ambiguity#502Conversation
webauthn_id in README examples to avoid ambiguity
webauthn_id in README examples to avoid ambiguitywebauthn_id in README examples to avoid ambiguity
|
Thanks for this, @ttanimichi – and for the companion PR adding the Happy to take that The one I'm not sold on is |
|
@santiagorodriguez96 Thank you for your comment. Fixed 6dccf50 |
Follow-up to #502 The value returned by `WebAuthn.generate_user_id` is actually a [user handle](https://www.w3.org/TR/webauthn-2/#user-handle), not a user id — it's an opaque, randomly generated value that the spec recommends to *not* contain any personally identifying information. The name `generate_user_id` is misleading because it suggests using an application's own user identifier. This PR adds `WebAuthn.generate_user_handle` as a clearer, spec-aligned name and updates the README to use it. `WebAuthn.generate_user_id` is kept as an alias, so this is fully backwards compatible.
|
@ttanimichi There're some conflicts after having merged #503 👀 |
|
@santiagorodriguez96 I've resolved the merge conflicts and fixed a minor code comment |
The README examples used the same name
webauthn_idfor two distinct concepts: the User Handle stored on the user, and the Credential ID stored on each credential. Using one name for both is confusing, so this PR renames them in the example code:user.webauthn_id→user.webauthn_user_handlecredential.webauthn_id→credential.credential_iduser.credentials→user.webauthn_credentials