update readme

README.md

@@ -79,7 +79,7 @@ Utilities
 ---------
 
 ```js
-import { client } from '@passwordless-id/webauthn' 
+import { client } from '@passwordless-id/webauthn'
 
 client.isAvailable()
 ```
@@ -127,7 +127,7 @@ Remember it on the server side during a certain amount of time and "consume" it
 Example call:
 
 ```js
-import { client } from '@passwordless-id/webauthn' 
+import { client } from '@passwordless-id/webauthn'
 
 const challenge = "a7c61ef9-dc23-4806-b486-2428938a547e"
 const registration = await client.register("Arnaud", challenge, {
@@ -145,6 +145,7 @@ Parameters:
 - `username`: The desired username.
 - `challenge`: A server-side randomly generated string.
 - `options`: See [below](#options).
+- `mode`: `browser` | `extension`, defaults to `browser`. When set to `extension`, `rp.id` is set to undefined.
 
 The `registration` object looks like this:
 
@@ -167,7 +168,7 @@ Then simply send this object as JSON to the server.
 
 
 ```js
-import { server } from '@passwordless-id/webauthn' 
+import { server } from '@passwordless-id/webauthn'
 
 const expected = {
  challenge: "a7c61ef9-dc23-4806-b486-2428938a547e", // whatever was randomly generated by the server
@@ -279,12 +280,13 @@ Parameters:
 - `credentialIds`: The list of credential IDs that can be used for signing.
 - `challenge`: A server-side randomly generated string, the base64url encoded version will be signed.
 - `options`: See [below](#options).
+- `mode`: `browser` | `extension`, defaults to `browser`. When set to `extension`, `rp.id` is set to undefined.
 
 
 ### 3. In the server, load the credential key
 
 ```js
-import { server } from '@passwordless-id/webauthn' 
+import { server } from '@passwordless-id/webauthn'
 
 const credentialKey = { // obtained from database by looking up `authentication.credentialId`
  id: "3924HhJdJMy_svnUowT8eoXrOOO6NLP8SK85q2RPxdU",
@@ -321,12 +323,13 @@ const expected = {
 ### 4. Verify the authentication
 
 ```js
-const authenticationParsed = await server.verifyAuthentication(authentication, credentialKey, expected)
+const authenticationParsed = await server.verifyAuthentication(authentication, credentialKey, expected, mode)
 ```
 
 Either this operation fails and throws an Error, or the verification is successful and returns the parsed authentication payload.
 
 Please note that this parsed result `authenticationParsed` has no real use. It is solely returned for the sake of completeness. The `verifyAuthentication` already verifies the payload, including the signature.
+Set mode to `extension` when verifying credentials sent by browser extensions, by default its set to `browser`
 
 
 Remarks
@@ -335,7 +338,7 @@ Remarks
 ### The `challenge` is critical
 
 The challenge must be a random value.
-Otherwise, your implementation might become vulnerable to replay attacks. 
+Otherwise, your implementation might become vulnerable to replay attacks.
 
 
 ### There can be multiple credentials per user ID