#94 Check for known android key hashes

lbuchs / WebAuthn

A simple PHP WebAuthn (FIDO2/Passkey) server library

https://webauthn.lubu.ch

MIT License

419 stars 75 forks source link

#94 Check for known android key hashes #95

Closed xellio closed 1 day ago

xellio commented 3 weeks ago

If the origin starts with android:apk-key-hash:, it will check for the allowed/known android key hashes instead of checking the expected origin URL for the RP ID

wussler commented 2 weeks ago

Hello @lbuchs, would you please have the time to check this out?

lbuchs commented 1 day ago

Thanks!