search

jeremyevans / rodauth

Ruby's Most Advanced Authentication Framework
http://rodauth.jeremyevans.net
MIT License
1.65k stars 95 forks source link

[POC] Use `WebAuthn::RelyingParty` #398

Closed santiagorodriguez96 closed 4 months ago

santiagorodriguez96 commented 4 months ago

Motivation/Background

Rodauth currently overrides internal WebAuthn methods in order to be able to allow for multiple origins. This feature is officially supported by webauthn gem starting in its version v3 so we should be able to avoid overriding WebAuthn internal methods.

Details

This PR just changes to use the new webauthn instance based configuration to support for multiple origins. It feels to me that that should be all you need to do, but I might be missing something.

It also bumps webauthn required version to v3, but it shouldn't be hard to maintain compatibility with v2 if desired as v3 is backwards compatible.

Furthermore, nothing changes that much from v2 besides the required ruby version going from 2.3 in webauthn v2.0.0 to 2.5 in webauthn v3.0.0.

jeremyevans commented 4 months ago

Awesome, thanks for your work on this! I would like to keep webauthn v2 support, at least until Rodauth 3.

jeremyevans commented 4 months ago

I've merged this with the webauthn v2 compatibility changes, and then did a little refactoring: 99a986f92175efd623ad201084185446bc627835