Closed Elolawyn closed 6 months ago
Hi @Elolawyn
The result you receive from the RegistrationRequest on Android seems correct to me. Android uses the SHA-256 hash of the signing certificate used when building your APK. You can read more about it here.
In your case you could add that android:apk-key-hash:HASH origin to the list of allowed origins in your backend, or pass info about the used platform (Android, iOS, Web) alongside the registration result when sending it to the server. Then just verify using the corresponding origin of the platform.
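Added example (not part of the thread, and not code from this library or from fido2-lib): one way a Node.js backend can apply the suggestion above, deriving the android:apk-key-hash origin from the SHA-256 fingerprint format used in assetlinks.json and picking the expected origin per platform. The fingerprint, the platform names and the helper names are assumptions; https://my-web.com is the origin from the question.

```javascript
// Added example. The fingerprint is constructed, not a real signing certificate.
const WEB_ORIGIN = 'https://my-web.com'; // origin from the question
// Hex SHA-256 of the APK signing certificate, in the colon-separated form
// used by sha256_cert_fingerprints in assetlinks.json (constructed value).
const APK_SHA256 =
  '00:01:02:03:04:05:06:07:08:09:0A:0B:0C:0D:0E:0F:' +
  '10:11:12:13:14:15:16:17:18:19:1A:1B:1C:1D:1E:1F';

// Android reports "android:apk-key-hash:" + base64url(SHA-256 of the cert).
function androidOrigin(fingerprint) {
  const hex = fingerprint.replace(/:/g, '');
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new Error('not a SHA-256 fingerprint');
  const b64url = Buffer.from(hex, 'hex').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return 'android:apk-key-hash:' + b64url;
}

// Server-side configuration: one expected origin per platform (hypothetical names).
const EXPECTED_ORIGIN = {
  web: WEB_ORIGIN,
  ios: WEB_ORIGIN,
  android: androidOrigin(APK_SHA256),
};

// The platform value comes from the client, so it only selects among the
// origins configured above; it never supplies an origin itself.
function expectedOriginFor(platform) {
  if (!Object.prototype.hasOwnProperty.call(EXPECTED_ORIGIN, platform)) {
    throw new Error('unknown platform: ' + platform);
  }
  return EXPECTED_ORIGIN[platform];
}

// Pre-check of clientDataJSON (base64url) before the full attestation check.
function checkClientData(clientDataB64url, platform) {
  const expected = expectedOriginFor(platform);
  const b64 = clientDataB64url.replace(/-/g, '+').replace(/_/g, '/');
  const clientData = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (clientData.type !== 'webauthn.create') return { ok: false, reason: 'wrong type' };
  if (clientData.origin !== expected) {
    return { ok: false, reason: 'origin mismatch', expected, got: clientData.origin };
  }
  return { ok: true, expected };
}
```

The value returned by expectedOriginFor is what the backend would then use as the expected origin in its attestation check, so an Android registration is compared against the APK key hash and an iOS or web one against the site origin.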
Thanks for the answer.
Hi, I am executing a demo with this library using fido2-lib on the backend with mocked data. I have the assetlinks.json and the apple-app-site-association and the device is asking me to generate or use passkey when I press the buttons that execute the methods this library is providing so everything seems to be working fine but I have one question regarding the origin this library provides in the result returned by the methods.
The registrationRequest the library is using, given by the fido2-lib's method attestationOptions contain the following information:
On iOS, the PasskeyRegistrationResult the library is returning provided me the following clientDataObj:
https://my-web.com is a backend serving the android and ios files properly.
apple-app-site-association
assetlinks.json
So when I compare this info against what my backend should have everything works fine. The fido2-lib method is working:
However, on android, the library returns the following clientDataObj:
The attestationResult method returns Error: clientData origin did not match expected origin.
I know this might be more on the fido2-lib side of things, and I will ask them too but, is the PasskeyRegistrationResult returned by the library on android the way it should be? Is the library getting the info about the origin from those files served by the backend?