I'm having the problem with testing an app on localhost, but i suspect the same problem will happen on a production URL as well. So per specs the rp.id should not have ports specified. When I have it set to localhost I dont get any authorization request on my phone and I get the following error in console
ERROR Error: Uncaught (in promise): NotAllowedError: The operation either timed out or was not allowed. See: https://w3c.github.io/webauthn/#sec-assertion-privacy.
Yet if I set to locahost:44368 I get an authorization request, but the native browser extension fails with the following error
ERROR Error: Uncaught (in promise): SecurityError: The relying party ID 'localhost:44368' is not a registrable domain suffix of, nor equal to 'https://localhost:44368'.
So the whole cred creation fails.
Krypton should strip down ports from the URL when sending auth request.
I'm having the problem with testing an app on localhost, but i suspect the same problem will happen on a production URL as well. So per specs the
rp.id
should not have ports specified. When I have it set tolocalhost
I dont get any authorization request on my phone and I get the following error in consoleAnd in the stack trace we have:
Yet if I set to
locahost:44368
I get an authorization request, but the native browser extension fails with the following errorSo the whole cred creation fails.
Krypton should strip down ports from the URL when sending auth request.