Re: [webauthn] Note on "RP ID" is confusing

That note confuses me as well. :)

Can we make its points more directly as follows:

Note that an RP ID is a domain string only, and does not mention a scheme or port number as an origin does. The RP ID of a PublicKeyCredential sets it scope, i.e. it determines the origins on which it may be exercised as follows:

 - The RP ID must be equal to the origin's effective domain, or a registrable suffix of the origin's effective domain.

 - The origin's scheme must be 'https'.

 - The origin's port number is unrestricted.

This is done in order ...

(+1 for adding examples as engedy@ suggests.)


GitHub Notification of comment by arnar
Please view or discuss this issue at using your GitHub account

Received on Monday, 25 June 2018 18:02:22 UTC