Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(protocol): allow absent relying party id #166

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

james-d-elliott
Copy link
Member

@james-d-elliott james-d-elliott commented Oct 1, 2023

This allows the use of a blank Relying Party ID which is permitted in the spec. This is a feature which is supported by level 1 and level 2 of the spec.

Closes #165

 This allows the use of a blank Relying Party ID which is permitted in the spec.
@james-d-elliott james-d-elliott requested a review from a team as a code owner October 1, 2023 01:01
This adds tests and validates another element of te requirements.
var uri *url.URL

if len(config.RPID) != 0 {
if uri, err = url.Parse(config.RPID); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if parsing RPID makes sense? This should be generally be a domain name? So parsing as URL has little sense. I see that it was done like this before.

Spec here mentions:

Though, the RP ID syntaxes MUST conform to either valid domain strings or URIs [RFC3986] [URL].

But the later, URIs is only allowed for "Other specifications mimicking the WebAuthn API to enable WebAuthn public key credentials on non-Web platforms".

So I am not sure, but there is no requirement that it should not be absolute?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

RP ID should be optional
2 participants