GitLab

According to the CTAP spec, it is valid for external authenticators to
return response to GetAssertion request with an empty credential when
only one credential is listed in the allowed list section of the
corresponding GetAssertion request. In this case, manually set
credential id before returning the response to the relying party.

Bug: 900577
Change-Id: I9ea65eea1c1dc83d6f5312839c0d5db81b0febed
Reviewed-on: https://chromium-review.googlesource.com/c/1318973Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Commit-Queue: Jun Choi <hongjunchoi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605986}