Closed iain closed 2 years ago
Thanks for the report. I'll work on fixing this in a couple days.
Sorry I haven't been able to get to this yet. I'm hoping to get to this later this week. In any case, it will be fixed before the next release, which should be sometime next week.
The default value for `webauthn_rp_id` includes the port number (e.g. `localhost:9292`). This is not allowed according to the spec. Source: https://www.w3.org/TR/webauthn-2/#relying-party-identifier
This will most likely be a problem during development, where custom ports are common.
I suggest the default implementation of `webauthn_rp_id` also removes `/:\d+\z/` from the `webauthn_origin` value, or maybe a note in the docs if that is not a good solution.
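
The port-stripping discussed in this issue, as an added Ruby example that is not part of the original report and not the project's own code. The method names and sample origins are hypothetical, and the suffix check is simplified: it does not consult the public suffix list that a browser uses.

```ruby
require 'uri'

# Hypothetical helper: derive a WebAuthn RP ID from an origin string of the
# form scheme://host[:port]. The RP ID is a bare domain, so scheme and port
# are both dropped.
def rp_id_from_origin(origin)
  host = URI.parse(origin).hostname
  raise ArgumentError, "origin has no host: #{origin.inspect}" if host.nil? || host.empty?
  host.downcase
end

# The regexp from the issue, applied after an assumed scheme strip.
def rp_id_by_regexp(origin)
  origin.sub(%r{\Ahttps?://}, '').sub(/:\d+\z/, '')
end

# Configuration sanity check: an RP ID must not carry a scheme, port or path.
def valid_rp_id?(rp_id)
  !rp_id.empty? && !rp_id.match?(%r{[:/]})
end

# Simplified form of the spec rule: the RP ID must equal the origin's host
# or be a parent domain of it.
def rp_id_allowed_for_origin?(rp_id, origin)
  return false unless valid_rp_id?(rp_id)
  host = rp_id_from_origin(origin)
  host == rp_id.downcase || host.end_with?(".#{rp_id.downcase}")
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample origins, including the development case from the issue.
  origins = ['http://localhost:9292', 'https://login.example.com:8443', 'https://example.com']
  origins.each do |origin|
    # What a scheme-only strip would yield (port still attached)
    with_port = origin.sub(%r{\Ahttps?://}, '')
    fixed = rp_id_from_origin(origin)
    puts format('%-32s scheme-strip=%-24s valid=%-5s fixed=%s',
                origin, with_port, valid_rp_id?(with_port), fixed)
  end
end
```

Running `valid_rp_id?` against the configured value at boot catches a port left in the RP ID before any browser ceremony fails on it.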