Add explanation for userId contents

Change-Id: If18f24bd58603ed5c27dfdc38bd2bfa35226cc3f

diff --git a/tests/webauthn-manual-test-app/src/scenarios.cpp b/tests/webauthn-manual-test-app/src/scenarios.cpp
index 605ddc85cef3b78f893572ec3ee1e604c823c359..a0f88bff68b758874f26b44e56190244f872240f 100644 (file)
--- a/tests/webauthn-manual-test-app/src/scenarios.cpp
+++ b/tests/webauthn-manual-test-app/src/scenarios.cpp
@@ -420,6 +420,11 @@ void MCScenario::Test()
     m_options.exclude_credentials = exclude_credentials.size > 0 ? &exclude_credentials : nullptr;
 
     // Entity ID
+    // Here we use username as userId for easy user searching in createdCredDescs.
+    // Note that according to
+    // https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity
+    // userId should not contain personally identifying information about the user,
+    // such as a username or e-mail address.
     wauthn_const_buffer_s userId = {reinterpret_cast<const uint8_t *>(m_contents.username),
                                     strlen(m_contents.username)};
     m_contents.userId = ToBuffer(userId);