feat: add AUTH_WEBAUTHN_RP_ID environment variable

nhost · Nov 24, 2023 · 7037935 · 7037935
1 parent b6b1afd
commit 7037935
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/.env.example b/.env.example
@@ -78,6 +78,7 @@ AUTH_PROVIDER_STRAVA_CLIENT_SECRET=
 # WEBAUTHN
 AUTH_WEBAUTHN_ENABLED=
 AUTH_WEBAUTHN_RP_NAME='Nhost App'
+AUTH_WEBAUTHN_RP_ID='nhost.io'
 AUTH_WEBAUTHN_RP_ORIGINS=
 
 # LOGS

diff --git a/docs/environment-variables.md b/docs/environment-variables.md
@@ -53,6 +53,7 @@
 | AUTH_JWT_CUSTOM_CLAIMS                                |                                                                                                                                                                                                                                         |                              |
 | AUTH_WEBAUTHN_ENABLED                                 | When enabled, passwordless Webauthn authentication can be done via device supported strong authenticators like fingerprint, Face ID, etc.                                                                                               | false                        |
 | AUTH_WEBAUTHN_RP_NAME                                 | Relying party name. Friendly name visual to the user informing who requires the authentication. Probably your app's name.                                                                                                               |                              |
+| AUTH_WEBAUTHN_RP_ID                                   | Relying party id.                                                                                                                                                                                                                       |                              |
 | AUTH_WEBAUTHN_RP_ORIGINS                              | Array of URLs where the registration is permitted and should have occurred on. `AUTH_CLIENT_URL` will be automatically added to the list of origins if is set.                                                                          |                              |
 | AUTH_WEBAUTHN_ATTESTATION_TIMEOUT                     | How long (in ms) the user can take to complete authentication.                                                                                                                                                                          | `60000` (1 minute)           |
 

diff --git a/src/utils/env.ts b/src/utils/env.ts
@@ -107,6 +107,9 @@ export const ENV = {
   get AUTH_WEBAUTHN_RP_NAME() {
     return castStringEnv('AUTH_WEBAUTHN_RP_NAME', '');
   },
+  get AUTH_WEBAUTHN_RP_ID() {
+    return castStringEnv('AUTH_WEBAUTHN_RP_ID', '');
+  },
   get AUTH_WEBAUTHN_RP_ORIGINS() {
     const origins = castStringArrayEnv('AUTH_WEBAUTHN_RP_ORIGINS', []);
     const clientUrl = ENV.AUTH_CLIENT_URL;

diff --git a/src/utils/webauthn.ts b/src/utils/webauthn.ts
@@ -9,8 +9,13 @@ import { ENV } from './env';
 import { gqlSdk } from './gql-sdk';
 import { AuthUserSecurityKeys_Insert_Input } from './__generated__/graphql-request';
 
-export const getWebAuthnRelyingParty = () =>
-  ENV.AUTH_CLIENT_URL && new URL(ENV.AUTH_CLIENT_URL).hostname;
+export const getWebAuthnRelyingParty = () => {
+  if (ENV.AUTH_WEBAUTHN_RP_ID) {
+    return ENV.AUTH_WEBAUTHN_RP_ID;
+  }
+
+  return ENV.AUTH_CLIENT_URL && new URL(ENV.AUTH_CLIENT_URL).hostname;
+};
 
 export const getCurrentChallenge = async (id: string) => {
   const { user } = await gqlSdk.getUserChallenge({ id });