https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-id says:
A user handle is an opaque byte sequence with a maximum size of 64 bytes
but nothing says where or whether that maximum size is enforced. Based on code inspection, Firefox checks for this in code that gets called from CredentialsContainer.create and throws an exception (a DOMException with name "TypeError") if the user handle is longer than 64 bytes. Also based on code inspection it looks like Chrome throws a JS TypeError in this situation (with a comment about https://www.w3.org/TR/webauthn/#user-handle).
Note that the lack of clear processing model leads to lack of interop here: the two browsers are throwing totally different kinds of exceptions...
@jcjones
https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-id says:
but nothing says where or whether that maximum size is enforced. Based on code inspection, Firefox checks for this in code that gets called from
CredentialsContainer.createand throws an exception (a DOMException with name "TypeError") if the user handle is longer than 64 bytes. Also based on code inspection it looks like Chrome throws a JS TypeError in this situation (with a comment about https://www.w3.org/TR/webauthn/#user-handle).Note that the lack of clear processing model leads to lack of interop here: the two browsers are throwing totally different kinds of exceptions...
@jcjones