Bug: Error on empty rp_id for CredentialCreationOptions - Githubissues

duo-labs / py_webauthn

Pythonic WebAuthn 🐍

https://duo-labs.github.io/py_webauthn

BSD 3-Clause "New" or "Revised" License

856 stars 171 forks source link

Bug: Error on empty rp_id for CredentialCreationOptions #204

Closed Chandra158 closed 8 months ago

Chandra158 commented 8 months ago

Overview

While upgrading from v1.11.1 -> v2.0.0, I got error in generate_registration_options for empty rp_id:

ValueError: rp_id cannot be an empty string

In the latest code, this is error while earlier it was working fine.

Webauthn-2 specs suggests that rp_id is optional:

Its value’s id member specifies the RP ID the credential should be scoped to. If omitted, its value will be the CredentialsContainer object’s relevant settings object's origin's effective domain. See § 5.4.2 Relying Party Parameters for Credential Generation (dictionary PublicKeyCredentialRpEntity) for further details.

MasterKale commented 8 months ago

Hello @Chandra158, I intentionally made RP ID a required value to force RPs to explicitly define it. Yes, the spec allows it to be optional but I wanted to avoid incorporating some of the ambiguity of RP ID rules in the spec into this library when I rewrote the library. I don't want to change this behavior right now so I'm closing this out.