Fix property access for rpId

web-auth / webauthn-framework

FIDO-U2F / FIDO2 / Webauthn Framework

MIT License

397 stars 51 forks source link

Fix property access for rpId #546

Closed abcang closed 6 months ago

abcang commented 6 months ago

The instance of PublicKeyCredentialCreationOptions does not have the rpId property. I think it is correct to refer to rp->id instead.

In particular, it does not work well when the RP ID is a top-level domain such as example.com and the host using WebAuthn is a subdomain such as account.example.com.

Target branch: 4.8.x Resolves issue #

[x] It is a Bug fix
[ ] It is a New feature
[ ] Breaks BC
[ ] Includes Deprecations

Spomky commented 6 months ago

Hi,

Indeed I think you are right. Whate about $publicKeyCredentialOptions->id ?? $publicKeyCredentialOptions->rpId ?? $host; instead?

abcang commented 6 months ago

It looks good to do so if strict distinction is not necessary. I will make the change.

Spomky commented 6 months ago

Perfect. Many thanks