-
-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unexpected RpIdHash #45
Comments
I suspect the origin will not be |
No, this is all in context of popup panel, there's no website being visited. @dagnelies |
Hmmm... I never tried it with browser extensions so far, so I'm not familiar with it. |
Is there a way to override this? For chrome extension this needs to be set to empty. This will also prevent authentication from iframes I guess. |
@dagnelies I found the issue, can I pr for extension support? |
Sure, you're welcome! Ideally with a note in the readme too. |
Solved in v1.6.0 |
@dagnelies Thanks. |
@raynirola ...wait a second ...it's incomplete ...further fix coming |
Still 1 issue, rp.id is optional by default (on browsers), and with chrome extension it needs to be set to undefined. |
Well, according to the specs it is required: https://w3c.github.io/webauthn/#dom-publickeycredentialrpentity-id EDIT: Nevermind... the name is required but not the id |
https://developer.mozilla.org/en-US/docs/Web/API/CredentialsContainer/create#id_4 |
I guess there's confusion between entity id and relying party id, or browsers not following specs |
In the specs too, the RP ID is always a domain and never ever anything else. Regarding "browsers not following specs" it's kind of commonplace with webauthn sadly 😓 ...and is still feels like a "moving target". I would be warry of seeing behavior changes regarding webauthn and chrome extensions. Regarding your initial post, could you please try out the latest version and simply set |
So, in |
I am implementing webauthn in chrome extension, registration works, authentication fails with
Unexpected RpIdHash: foo vs bar
client:
server:
The text was updated successfully, but these errors were encountered: