Closed lalithr95 closed 4 years ago
https://github.com/cedarcode/webauthn-ruby/pull/296 (after discussion in https://github.com/cedarcode/webauthn-ruby/issues/285) is solving this in a more comprehensive way, allowing multi-tenant applications to have different other settings as well. Let's see if we can get that over the finish line :)
Thank you for your PR @lalithr95 🙏
I second what @bdewater said in this case, specially given we're 99% to get it out.
Awesome, good to see it's already been worked on. I'll close this PR in favour of https://github.com/cedarcode/webauthn-ruby/pull/296
This won't work for the multi-tenant apps which can have multiple origins
Fixed on v3.0.0.alpha1
with the introduction of the RelyingParty
class (#296).
Give it a try and let us know if you have any feedback on how it works or anything.
Thank you @lalithr95 !
Currently, the origin is configurable to a single value through the webauthn config. This value is expected to match
window.location.origin
during the registration and authentication process. This won't work for the multi-tenant apps which can have multiple origins, so the origin can't be dynamically verified since it can be a single value in the config. To fix this issue, I've added an arg to pass expected origin when the public key credential is verified.