-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RelyingParty#id should default to the domain of #origin #427
Comments
Hi @asavageiv! Thank you the report! Currently, if the user has not set an I find it surprising that this was an issue for you when using an Android Client – I'm curious, what issue were you experiencing exactly? We might have to re-think about the approach that we are using here! Then again, thanks! |
Android expects the rpId to exist in the challenge. |
Sorry, I did not mention that the Now, about the |
Per the spec the RP ID "must be equal to the origin's effective domain, or a registrable domain suffix of the origin's effective domain." and "By default, the RP ID for a WebAuthn operation is set to the caller’s origin's effective domain."
I was surprised that setting the origin did not automatically set the ID if it was unset. This led to failures when my Android client didn't receive an ID.
Can we set the ID by default per the spec?
The text was updated successfully, but these errors were encountered: