Based on https://developers.yubico.com/WebAuthn/WebAuthn_Developer_Guide/User_Handle.html

If I understand correctly, currently the Authenticator model stores the user FK, but does not store the userHandle encrypted string, so in the discoverable credential approach we cannot identify the user by using the userHandle provided from the security key.