Multiple expectedOrigin and expectedRPID #90
Comments
It's hard to comment on this without knowing more about your use case but can't that lookup information and logic not reside in the extension, prior to calling
From the test we made the origin is different between browsers (and dev/prod environment) as the extension registers with a built-in origin, for instance on Firefox it is EDIT: plus I'm really looking to have the server part interoperable with Android/iOS native apps.
Oh, are you using WebAuthn to protect access to some aspect of your browser extension? What a fascinating use case! I see now, with UUID-like origins like that, how it would be difficult to ensure a consistent RP ID across environments. So then, to clarify, the request is to change
Yes, exactly, two use cases: 2FA and access validation (I can give you concrete examples of this in private as I don't want to leak too much information publicly).
Correct, then it would be something like
@Mikescops Take a look at PR #91 and let me know if anything looks off, otherwise I'll merge it in later today and cut a release.
@MasterKale wow that's fast, thanks! 👍
Hello,
Thanks for your great work.
I have a use case that does not seem to work with the current implementation of the lib.
When using SimpleWebAuthn on a browser extension I have different expectedOrigin and expectedRPID for Firefox / Chrome / ...
Maybe I'm wrong but the only way I see to have the lib working with this use case is to change both expectedOrigin and expectedRPID from string to tables so that I can check if the origin and rpId in the attestation/assertion are in the list.
Is my interpretation correct and is it worth supporting this use case in the lib?