From 703793523389a46f6b5f1cc4c4355e3a91d3d39b Mon Sep 17 00:00:00 2001
From: Hassan Ben Jobrane
Date: Fri, 24 Nov 2023 15:04:49 +0100
Subject: [PATCH] feat: add AUTH_WEBAUTHN_RP_ID environment variable
---
 .env.example | 1 +
 docs/environment-variables.md | 1 +
 src/utils/env.ts | 3 +++
 src/utils/webauthn.ts | 9 +++++++--
 4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index c2080e10e..60f61d4be 100644
--- a/.env.example
+++ b/.env.example
@@ -78,6 +78,7 @@ AUTH_PROVIDER_STRAVA_CLIENT_SECRET=
 # WEBAUTHN
 AUTH_WEBAUTHN_ENABLED=
 AUTH_WEBAUTHN_RP_NAME='Nhost App'
+AUTH_WEBAUTHN_RP_ID='nhost.io'
 AUTH_WEBAUTHN_RP_ORIGINS=
 # LOGS
diff --git a/docs/environment-variables.md b/docs/environment-variables.md
index df56381f7..feca1bca7 100644
--- a/docs/environment-variables.md
+++ b/docs/environment-variables.md
@@ -53,6 +53,7 @@
 | AUTH_JWT_CUSTOM_CLAIMS | | |
 | AUTH_WEBAUTHN_ENABLED | When enabled, passwordless Webauthn authentication can be done via device supported strong authenticators like fingerprint, Face ID, etc. | false |
 | AUTH_WEBAUTHN_RP_NAME | Relying party name. Friendly name visual to the user informing who requires the authentication. Probably your app's name. | |
+| AUTH_WEBAUTHN_RP_ID | Relying party id. | |
 | AUTH_WEBAUTHN_RP_ORIGINS | Array of URLs where the registration is permitted and should have occurred on. `AUTH_CLIENT_URL` will be automatically added to the list of origins if is set. | |
 | AUTH_WEBAUTHN_ATTESTATION_TIMEOUT | How long (in ms) the user can take to complete authentication. | `60000` (1 minute) |
diff --git a/src/utils/env.ts b/src/utils/env.ts
index 4fb5677a7..9f76627a9 100644
--- a/src/utils/env.ts
+++ b/src/utils/env.ts
@@ -107,6 +107,9 @@ export const ENV = {
 get AUTH_WEBAUTHN_RP_NAME() {
 return castStringEnv('AUTH_WEBAUTHN_RP_NAME', '');
 },
+ get AUTH_WEBAUTHN_RP_ID() {
+ return castStringEnv('AUTH_WEBAUTHN_RP_ID', '');
+ },
 get AUTH_WEBAUTHN_RP_ORIGINS() {
 const origins = castStringArrayEnv('AUTH_WEBAUTHN_RP_ORIGINS', []);
 const clientUrl = ENV.AUTH_CLIENT_URL;
diff --git a/src/utils/webauthn.ts b/src/utils/webauthn.ts
index b209cf070..7f26d263b 100644
--- a/src/utils/webauthn.ts
+++ b/src/utils/webauthn.ts
@@ -9,8 +9,13 @@ import { ENV } from './env';
 import { gqlSdk } from './gql-sdk';
 import { AuthUserSecurityKeys_Insert_Input } from './__generated__/graphql-request';
-export const getWebAuthnRelyingParty = () =>
- ENV.AUTH_CLIENT_URL && new URL(ENV.AUTH_CLIENT_URL).hostname;
+export const getWebAuthnRelyingParty = () => {
+ if (ENV.AUTH_WEBAUTHN_RP_ID) {
+ return ENV.AUTH_WEBAUTHN_RP_ID;
+ }
+
+ return ENV.AUTH_CLIENT_URL && new URL(ENV.AUTH_CLIENT_URL).hostname;
+};
 export const getCurrentChallenge = async (id: string) => {
 const { user } = await gqlSdk.getUserChallenge({ id });
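Review bot: The new `AUTH_WEBAUTHN_RP_ID` getter accepts any string, and nothing visible in this patch checks it against `AUTH_WEBAUTHN_RP_ORIGINS`, although a WebAuthn RP ID has to be a bare domain (no scheme, port or path) that equals or is a registrable suffix of the host of every permitted origin. A value that fails this makes browsers reject the ceremony, and a value broader than needed (a parent domain shared with unrelated subdomains) widens where a registered credential can be exercised. I would add a comment above the getter such as `// Bare domain only; must equal or be a parent domain of every host in AUTH_WEBAUTHN_RP_ORIGINS`, and consider a startup check that fails fast on a mismatch. The `.env.example` hunk also ships `AUTH_WEBAUTHN_RP_ID='nhost.io'`, which a copied env file would carry into deployments on other domains; leaving it empty like the neighbouring entries would be safer, and the docs row "Relying party id." could state the same constraint. The `ENV` object starts and ends outside the hunk.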
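Review bot: `getWebAuthnRelyingParty` now silently prefers `AUTH_WEBAUTHN_RP_ID` over the hostname derived from `AUTH_CLIENT_URL`, and that precedence has an operational cost that is not documented anywhere in the patch. Credentials are bound to the RP ID they were registered under, so setting the variable to a different value on a deployment that already has security keys will presumably make those keys fail verification (the callers that pass this value to registration and verification are outside this hunk). A TSDoc block on the function should state the precedence and that changing the RP ID requires users to re-register their authenticators. The function also still returns a falsy value when neither variable is set, so an explicit return type, e.g. `export const getWebAuthnRelyingParty = (): string | undefined => {`, with the last line rewritten to return `undefined` in that case, would make callers handle the unconfigured state.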