java-webauthn-server
Lookup credentials based only on user_handle instead of user_name
Hello team,
I've observed that sometimes we use user_name to look up stored public key credentials; examples are when we resolve the allowCredentials list in the authentication ceremony and the excludeCredentials list in the registration ceremony.
I wonder if we can just use user_handle to resolve credentials instead, as user_handle is more "immutable" than user_name, which could be changed from time to time.
Is that to accommodate cases where user_handle is sometimes missing and only user_name is present?
Hi! This sounds like a duplicate of issue #274, which is about supporting username-less accounts. There is some experimental support for that available, see the most recent few comments in the #274 thread. Does that answer your questions?
Hi, thanks for the response! I took a look at the v2 interface, and it seems to fit our needs exactly - prefer using user_handle as the key to fetch data in the repository. I wonder what the plan is for promoting the experimental branch to mainline; is there any plan for that?
We want to do it eventually, but there's no concrete time plan at the moment. Perhaps in one or two months from now, but I can't promise that either. Sorry I can't give you a better answer.
But please let us know if there's a particular time frame that would help you, and we can take that into consideration when prioritizing work. We could probably also make the v2 interfaces available in a shorter time frame as an experimental release, like 2.6.0-alpha1, if you need it for prototyping.
Thanks for the quick reply. I think releasing it as an alpha could help a lot, and we will start integrating the v2 repository.
Our feature is not launched yet; we do want to launch it sometime in Q4 (October/November 2023). Integrating with the v2 repository will allow us to avoid some user_name -> user_handle lookups, so if time permits we do want to include it in the first release.
Thanks for letting us know! I can't promise an experimental release yet, but we'll let you know if we set a planned release date.
Hi again! We're aiming to make the experimental release with the new V2 interfaces soon, hopefully this week or next week. Would that be helpful for you?
That would be awesome and will help our timeline 🙏
Sorry, the release has slipped a bit, but we hope to finish it this week.
This is now released in experimental release 2.6.0-alpha4. Thanks for your patience!