search

w3c / secure-payment-confirmation

Secure Payment Confirmation (SPC)
https://w3c.github.io/secure-payment-confirmation/
Other
106 stars 48 forks source link

Require Relying Party ID as input #173

Closed nickburris closed 2 years ago

nickburris commented 2 years ago

Add a required input to SecurePaymentConfirmationRequest for the relying party ID. If the requested credentials do not have a matching RP ID, then the authentication will fail in the "Verifying an Authentication Assertion" steps.

Before UI is shown, i.e. in "Steps to check if a payment can be made", the input rpId is only checked to be a valid URL. This ensures that this is a breaking change before any UI is shown. The actual validation of the RP ID happens during authentication.

Issue #164

Preview | Diff

ianbjacobs commented 2 years ago

cc @ACathelin

nickburris commented 2 years ago

Going to merge this one now given no further comments. Thanks for the reviews!