Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make rpID required when generating authentication options #553

Closed
MasterKale opened this issue Apr 12, 2024 · 1 comment · Fixed by #555
Closed

Make rpID required when generating authentication options #553

MasterKale opened this issue Apr 12, 2024 · 1 comment · Fixed by #555
Milestone
v10.0.0

Comments

@MasterKale
Copy link
Owner

Describe the issue

I'm going to make the rpID argument required when calling generateAuthenticationOptions(), for consistency with generateRegistrationOptions(). There's no point in letting it be optional during auth when one has already been chosen for registration. RP ID scoping is also easy to mess up, so let's encourage devs to move towards the safer solution of explicitly defining an RP ID for both ceremonies.
@MasterKale MasterKale added this to the v10.0.0 milestone Apr 12, 2024
@MasterKale MasterKale mentioned this issue Apr 12, 2024
Merged
@MasterKale
Copy link
Owner Author

This change is now available in the recently-published @simplewebauthn/server@10.0.0 ✌️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v10.0.0
Development

Successfully merging a pull request may close this issue.

fix/553-require-rp-id-auth-options MasterKale/SimpleWebAuthn
1 participant
@MasterKale