
ProjectPasskeys: Replace requestedParties with rpId, and origins #9248

Open
Tracked by #9111
maduvena opened this issue Aug 22, 2024 · 3 comments
Comments


maduvena commented Aug 22, 2024

RP.ID is set one time and cannot be changed. It must be carefully considered, and is an integral part of the access control for the authenticat

For jans, this is how we should be doing it:

  • RP.ID must always be set
  • RP.ID must be set separately from ORIGINS
  • RP.ID must be just the HOST part, or FQDN
  • RP.ID needs clear documentation
  • Origins are a list of origins (protocol + host + port) that must be specified by the user separately

TODOs:

  1. Replace requestedParties with rpId, and origin
  2. Check ClientDataJson (contains origin):
     if the origin returned in ClientDataJson is in the list of allowed origins, then pass.
     Your origins can be, for example: https://bank.com/ https://auth.bank.com/ https://internal.bank.com/

Origins can be a set, and can change

@maduvena maduvena changed the title Replace requestedParties with rpId, and origins ProjectPasskeys: Replace requestedParties with rpId, and origins Aug 22, 2024
@shekhar16 shekhar16 self-assigned this Sep 2, 2024
shekhar16 commented:

code has been committed as part of #9111.
Closing this ticket.

@moabu moabu added this to the 1.1.5 milestone Sep 16, 2024
@maduvena maduvena reopened this Sep 18, 2024
maduvena commented:

TODOs:

  • Write a test case
  • Check a complete flow, Shekhar has done only the backend handling

References:
  1. https://passkeys.dev/docs/advanced/related-origins/
  2. Notes from Mike - https://developer.chrome.com/blog/passkeys-updates-chrome-129?hl=en

@imran-ishaq imran-ishaq self-assigned this Sep 19, 2024
maduvena added a commit that referenced this issue Sep 25, 2024
…o RpId

Signed-off-by: Madhumita <madhu@gluu.org>
maduvena added a commit that referenced this issue Sep 25, 2024
@moabu moabu modified the milestones: 1.1.5, 1.1.6 Oct 8, 2024
imran-ishaq added a commit that referenced this issue Oct 29, 2024
…ript for attestation and assertion API calls #9248

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
imran-ishaq added a commit that referenced this issue Oct 29, 2024
Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
imran-ishaq added a commit that referenced this issue Oct 30, 2024
Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
imran-ishaq added a commit that referenced this issue Oct 30, 2024
…tion and assertion API calls #9248 (#9974)

* feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

* refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

* fix(jans-fido2): handle origin if http or https is missing #9248

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

---------

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
imran-ishaq added a commit that referenced this issue Nov 1, 2024
Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

maduvena commented Nov 5, 2024

New notes:

RP ID is a domain string only, and does not mention a scheme or port number as an origin does. The RP ID of a PublicKeyCredential sets its scope, i.e. it determines the origins on which it may be exercised as follows:

The RP ID must be equal to the origin's effective domain, or a registrable suffix of the origin's effective domain.

The origin's scheme must be 'https'.

The origin's port number is unrestricted.

This is done in order ...
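As an added illustration (not code from the Janssen project), the two checks this thread describes, in Python: rpId must be a bare host, the origin carried in clientDataJSON must be https and within the rpId's scope (equal to it, or rpId is a registrable suffix of it, any port), and it must also appear in the separately configured origins set. The RP_ID and ALLOWED_ORIGINS values, the helper names and the constructed clientDataJSON are assumptions for the example.

```python
import base64
import json
from urllib.parse import urlsplit

# Hypothetical RP configuration in the shape this issue proposes:
# rpId is the bare host/FQDN; origins are a separately configured set.
RP_ID = "bank.com"
ALLOWED_ORIGINS = {"https://bank.com/", "https://auth.bank.com/", "https://internal.bank.com:8443"}

def is_bare_host(rp_id: str) -> bool:
    """rpId must be just the host part: no scheme, port, path or query."""
    return bool(rp_id) and not any(c in rp_id for c in "/:?#") and rp_id == rp_id.strip().lower()

def normalize_origin(origin: str) -> str:
    """Canonical scheme://host[:port] so 'https://bank.com/' and 'https://bank.com' compare equal."""
    parts = urlsplit(origin.strip())
    if not parts.scheme or parts.hostname is None:
        return ""
    default = {"https": 443, "http": 80}.get(parts.scheme)
    suffix = f":{parts.port}" if parts.port and parts.port != default else ""
    return f"{parts.scheme}://{parts.hostname.lower()}{suffix}"

def origin_in_rp_id_scope(origin: str, rp_id: str) -> bool:
    """WebAuthn scoping rule: scheme https; host equals rpId or rpId is a suffix of it; any port."""
    parts = urlsplit(origin)
    if parts.scheme != "https" or parts.hostname is None:
        return False
    host = parts.hostname.lower()
    return host == rp_id or host.endswith("." + rp_id)

def check_client_data_origin(client_data_b64url: str, rp_id: str, allowed_origins) -> tuple:
    """Decode clientDataJSON (base64url, as the browser sends it) and apply both checks."""
    if not is_bare_host(rp_id):
        return False, "rpId must be a bare host, e.g. bank.com"
    padded = client_data_b64url + "=" * (-len(client_data_b64url) % 4)
    client_data = json.loads(base64.urlsafe_b64decode(padded))
    origin = client_data.get("origin", "")
    if not origin_in_rp_id_scope(origin, rp_id):
        return False, f"origin {origin!r} is outside the scope of rpId {rp_id!r}"
    allowed = {normalize_origin(o) for o in allowed_origins}
    if normalize_origin(origin) not in allowed:
        return False, f"origin {origin!r} is not in the configured origins list"
    return True, "ok"

def make_client_data(origin: str, ceremony: str = "webauthn.get") -> str:
    """Constructed clientDataJSON for testing only (challenge is a placeholder)."""
    raw = json.dumps({"type": ceremony, "challenge": "PLACEHOLDER", "origin": origin}).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")
```

Note that an origin such as https://other.bank.com is inside the rpId's scope yet still rejected because it is not in the configured origins set; the two checks are independent.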

moabu pushed a commit that referenced this issue Nov 7, 2024
…o RpId

Signed-off-by: Madhumita <madhu@gluu.org>
moabu pushed a commit that referenced this issue Nov 7, 2024
moabu pushed a commit that referenced this issue Nov 7, 2024
…tion and assertion API calls #9248 (#9974)

* feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

* refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

* fix(jans-fido2): handle origin if http or https is missing #9248

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

---------

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>
moabu pushed a commit that referenced this issue Nov 7, 2024
Signed-off-by: imran-ishaq <imranishaq024@gmail.com>