Closed nrw505 closed 3 years ago
Hi @nrw505 ,
Thank you for your PR ❤️ The gem currently provides a way to handle multi-tenant applications the following way. There has been a few issues reported on that matter that we have now luckily closed, but might be useful to browse through them to find similarities with what you're going though. We have moved away voluntarily from passing the expected origin, rp_id and others directly to the verification methods.
BTW, the docs I pointed to were not merged when you saw the README and I apologized for my lateness on that on my side.
If you have an app that serves from multiple domain names, you need to be able to pass the expected origin to the
verify
method of PublicKeyCredentialWithAssertion and PublicKeyCredentialWithAttestation