Closed Chandra158 closed 8 months ago
Hello @Chandra158, I intentionally made RP ID a required value to force RPs to explicitly define it. Yes, the spec allows it to be optional but I wanted to avoid incorporating some of the ambiguity of RP ID rules in the spec into this library when I rewrote the library. I don't want to change this behavior right now so I'm closing this out.
Overview
While upgrading from
v1.11.1
->v2.0.0
, I got error ingenerate_registration_options
for emptyrp_id
:In the latest code, this is error while earlier it was working fine.
Webauthn-2 specs suggests that
rp_id
is optional:Its value’s id member specifies the RP ID the credential should be scoped to. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain. See § 5.4.2 Relying Party Parameters for Credential Generation (dictionary PublicKeyCredentialRpEntity) for further details.