-
Adam Langley authored
The logic around this has changed from CTAP 2.0 to the current draft of 2.1 and is likely to change further[1]. There's a good argument to be made based on CTAP 2.0 (but not the 2.1 draft) that it's ok to send numberOfCredentials even for a non-empty allow list case so we shouldn't depend on that. Instead, have AuthenticatorCommon just remember whether the allow list was empty or not. Then, in the empty case, show a picker if we can. If there are multiple options then we have to show a picker. If there's only a single option but we have identifying information, show a picker to let the user confirm which account they wish to use. In the future, if there's an explicit userSelected signal in CTAP2 then we'll suppress the picker when that's asserted. [1] https://github.com/fido-alliance/fido-2-specs/pull/717 Change-Id: I1060c94258428adfdc14f6999b1e07bde93456fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1762942 Commit-Queue: Adam Langley <agl@chromium.org> Auto-Submit: Adam Langley <agl@chromium.org> Reviewed-by:
Martin Kreichgauer <martinkr@google.com> Cr-Commit-Position: refs/heads/master@{#689300}
10a207e6
