Tags: webauthn, fido

How does relying party determine the user when resident keys are used?


When client-side discoverable resident keys are used with WebAuthn, it is not necessary for the relying party to first identify the user trying to sign in. How then does the RP know which user signed in? Does the RP just receive the AuthenticatorAssertionResponse and get the user.id from that?


Solution

  • The value of response.userHandle in an assertion response can be used to identify the user that's logging in - it will equal whatever was set to user.id in the PublicKeyCredentialCreationOptions that were passed to navigator.credentials.create().

    userHandle is a potentially undefined value, but when resident keys are required during attestation then the authenticator must remember the user ID - see Step 7.4 of the authenticatorMakeCredential operation (the user handle is part of the key the authenticator uses in its internal credentials map to remember a discoverable credential for a given RP ID and user handle).
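An added example (not from the question or the answer) of the RP-side lookup described above, in Node-style JavaScript: the RP resolves the user from `response.userHandle`, then confirms the credential ID in the assertion is one it registered for that user before verifying the signature. The in-memory `users` store, `registerUser` and `resolveUserFromAssertion` are assumed names; signature verification is left to a WebAuthn library and not shown.

```javascript
// Helper: bytes -> base64url, the form an RP typically stores and compares.
function toBase64url(bytes) {
  return Buffer.from(bytes).toString("base64url");
}

// Constructed user store (assumption). user.id, which later comes back as
// userHandle, is an opaque byte string; it must not contain PII, so an RP
// should generate random or hashed bytes for it at registration time.
const users = new Map(); // base64url(user.id) -> { name, credentialIds: Set }

function registerUser(userId, name, credentialId) {
  const key = toBase64url(userId);
  const rec = users.get(key) ?? { name, credentialIds: new Set() };
  rec.credentialIds.add(toBase64url(credentialId));
  users.set(key, rec);
}

// Resolve the signing-in user from an assertion. `assertion` mirrors the
// PublicKeyCredential returned by navigator.credentials.get():
// { rawId: ArrayBuffer, response: { userHandle: ArrayBuffer|null, ... } }.
// Returns { userKey, user }, null for a non-discoverable flow, or throws.
function resolveUserFromAssertion(assertion, { requireUserHandle = true } = {}) {
  const userHandle = assertion.response.userHandle;
  if (!userHandle || userHandle.byteLength === 0) {
    // Non-discoverable credential: the RP identified the user earlier and
    // must look the credential up by rawId against that known user instead.
    if (requireUserHandle) throw new Error("assertion carries no userHandle");
    return null;
  }
  const userKey = toBase64url(new Uint8Array(userHandle));
  const user = users.get(userKey);
  if (!user) throw new Error("unknown userHandle");
  // userHandle is supplied by the authenticator, so bind it to a credential
  // the RP actually registered for that user; the signature is then checked
  // with that credential's stored public key (library call, not shown).
  const credKey = toBase64url(new Uint8Array(assertion.rawId));
  if (!user.credentialIds.has(credKey)) {
    throw new Error("credential is not registered to the user in userHandle");
  }
  return { userKey, user };
}
```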