fido2-lib with android and ios #149
Comments
Have you set the domain for Android as documented here: https://github.com/f-23/react-native-passkey?tab=readme-ov-file#android?
Yes, I properly configured the I asked in the I guess I need to set up something on the server side to decide the origin to use in
Hi team, this appears to be related to the W3C late-stage change from strict text matching origins to "registrable subdomains"... I believe it's a valid setup to have a relying party host a web page at:
But set its
And a native context would set it to:
Because, among other reasons, Apple and Google are still requiring or have only newly shifted to using a My question then becomes, can/should we move this concept of registrable subdomain into Just so we know it's standard security practice, rather than doing that in the calling code? Noting that I am committing this issue URL to main in a comment 😅
Thanks for the good discussion - www.example.com is not the same as example.com, as www is just a valid subdomain that can contain everything. Do the specs require https anywhere? We could try to add the protocol if unspecified, but I'm afraid it would lead to issues with other applications (e.g. apps).
Well, I was having a very similar issue on the iOS side but I seemed to have resolved that. Now I'm getting Any ideas?
You can simply conditionally check which app the response came from and set the appropriate origin for either, e.g. by looking up the request's User-Agent header or anything like that.
Hi, I am executing a demo with `fido2-lib` on the backend with mocked data. The library I am using (`react-native-passkey`) on the device seems to be working because the passkey generation and usage system dialogs appear and the library is returning the following `clientDataObj` to be checked by `fido2-lib`:

On iOS, the `PasskeyRegistrationResult` the library is returning provided me the following `clientDataObj`:

However, on Android, the library returns the following `clientDataObj`:

On the server side, the following `fido2-lib` method is working on iOS:

How should I configure origins for both apps?

In Android's case, `attestationResult` returns `Error: clientData origin did not match expected origin`.
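An added example, not part of the thread and not code from fido2-lib or react-native-passkey: one way for a server to decide which expected origin applies when the same relying party serves a web or iOS client and an Android app. The origin values, the `android:apk-key-hash:` form of the Android origin, and the names `ALLOWED_ORIGINS`, `expectedOriginFor`, `sampleClientData` and `accepts` are assumptions made for illustration.

```javascript
// Added example. Every origin value below is a constructed placeholder.
const ALLOWED_ORIGINS = new Set([
  "https://example.com", // web / iOS origin (assumed)
  "android:apk-key-hash:PLACEHOLDER_SIGNING_CERT_HASH", // Android origin (assumed format)
]);

// Decode the base64url clientDataJSON sent by the client.
function parseClientData(clientDataB64url) {
  const text = Buffer.from(clientDataB64url, "base64url").toString("utf8");
  return JSON.parse(text);
}

// Return the allowlisted origin that exactly equals the reported one, or throw.
// Exact string comparison only: no prefix, suffix or subdomain matching.
function expectedOriginFor(clientDataB64url, allowed = ALLOWED_ORIGINS) {
  let clientData;
  try {
    clientData = parseClientData(clientDataB64url);
  } catch (err) {
    throw new Error("clientDataJSON is not valid base64url-encoded JSON");
  }
  const origin = clientData && clientData.origin;
  if (typeof origin !== "string" || !allowed.has(origin)) {
    throw new Error("origin is not in the server allowlist");
  }
  return origin;
}

// Constructed sample input: build a clientDataJSON for a given origin.
function sampleClientData(origin) {
  const obj = { type: "webauthn.create", challenge: "Y29uc3RydWN0ZWQ", origin };
  return Buffer.from(JSON.stringify(obj), "utf8").toString("base64url");
}

// Returns true if the origin is accepted, false if it is rejected.
function accepts(origin) {
  try {
    return expectedOriginFor(sampleClientData(origin)) === origin;
  } catch (err) {
    return false;
  }
}

console.log(accepts("https://example.com"));           // allowlisted
console.log(accepts("https://www.example.com"));       // different host
console.log(accepts("https://example.com.attacker.test")); // suffix trick
```

The allowlist lives on the server, so the expected origin for a request is one of a fixed set of values rather than something derived from client-controlled request metadata.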