Make rpID required when generating authentication options

MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.

https://simplewebauthn.dev

MIT License

1.62k stars 137 forks source link

Make rpID required when generating authentication options #553

Closed MasterKale closed 7 months ago

MasterKale commented 7 months ago

Describe the issue

I'm going to make the rpID argument required when calling generateAuthenticationOptions(), for consistency with generateRegistrationOptions(). There's no point in letting it be optional during auth when one has already been chosen for registration. RP ID scoping is also easy to mess up, so let's encourage devs to move towards the safer solution of explicitly defining an RP ID for both ceremonies.

MasterKale commented 7 months ago

This change is now available in the recently-published @simplewebauthn/server@10.0.0 ✌️