feat(protocol): allow absent relying party id #166

james-d-elliott · 2023-10-01T01:01:20Z

This allows the use of a blank Relying Party ID which is permitted in the spec. This is a feature which is supported by level 1 and level 2 of the spec.

Closes #165

This allows the use of a blank Relying Party ID which is permitted in the spec.

This adds tests and validates another element of te requirements.

mitar · 2023-12-02T18:49:55Z

webauthn/types.go

+	var uri *url.URL
+
+	if len(config.RPID) != 0 {
+		if uri, err = url.Parse(config.RPID); err != nil {


I am not sure if parsing RPID makes sense? This should be generally be a domain name? So parsing as URL has little sense. I see that it was done like this before.

Spec here mentions:

Though, the RP ID syntaxes MUST conform to either valid domain strings or URIs [RFC3986] [URL].

But the later, URIs is only allowed for "Other specifications mimicking the WebAuthn API to enable WebAuthn public key credentials on non-Web platforms".

So I am not sure, but there is no requirement that it should not be absolute?

feat(protocol): allow absent relying party id

8f79567

This allows the use of a blank Relying Party ID which is permitted in the spec.

james-d-elliott requested a review from a team as a code owner October 1, 2023 01:01

test: add tests

09686bd

This adds tests and validates another element of te requirements.

mitar reviewed Dec 2, 2023

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(protocol): allow absent relying party id #166

feat(protocol): allow absent relying party id #166

james-d-elliott commented Oct 1, 2023 •

edited

mitar Dec 2, 2023

feat(protocol): allow absent relying party id #166

Are you sure you want to change the base?

feat(protocol): allow absent relying party id #166

Conversation

james-d-elliott commented Oct 1, 2023 • edited

mitar Dec 2, 2023

Choose a reason for hiding this comment

james-d-elliott commented Oct 1, 2023 •

edited