Post

Replies

Boosts

Views

Activity

Reply to While running passkey with native api, what type (or format) of origin information returned in ClientDataJSON?
If the origin is same with the one from the web context, RP backend server has no way to verify the api caller's origin. Since the native API is triggered by the native app, I'm thinking that it's better returning application specific information in the origin rather than just "https://" + rpID. Android native FIDO2 API returns apk certificate hash and Apple app attest also returns bundle id.
Nov ’22
Reply to Regarding passkey modal title
I was thinking that it would be good to have this features in WebAuthn API, so I file the issue in the WebaAuthn github. Please refer this: https://github.com/w3c/webauthn/issues/1823 If you need for me to file this through Feedback assistant, please let me know. Thanks for your interest.
Nov ’22