Re: [webauthn] Being able to access the same public key credentials across different domains (#1827)

Thanks @herrjemand,

> The credential is locked to the RPID id. RP can manipulate it within the scope of one eTLD example.com, login.example.com, very.long.sub.domain.example.com.

Is this performed automatically behind the scenes or are there specific parameters that need to be set to allow sub-domain public key credentials persistence?

> FIDO/WebAuthn solves authentication problem. For inter-domain authorization there are OIDC, and if you really have to SAML. Additionally you can do credential.get through iFrame, so login via iFrame.

Thanks, I think I'd opt for iFrame to develop an initial Proof of Concept. Would a browser extension be considered a persistent RPID? 

Btw, thanks for the super fast reply. Such support is not common, and it's an amazing incentive for devs to use this standard. 

-- 
GitHub Notification of comment by enricobottazzi
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1827#issuecomment-1321892308 using your GitHub account



Received on Monday, 21 November 2022 11:14:54 UTC
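
The RP ID scoping discussed in this message, as an added example that is not part of the original comment or of the WebAuthn project's code: when the RP omits `rp.id` (registration) or `rpId` (assertion), the RP ID defaults to the origin's effective domain, and an explicitly set RP ID must equal that domain or be a registrable parent of it. The function names and the small `PUBLIC_SUFFIXES` set are assumptions made for illustration; browsers use the full Public Suffix List and also require a secure context.

```javascript
// Added illustration. PUBLIC_SUFFIXES is a tiny constructed stand-in for the
// real Public Suffix List that browsers consult (wildcard rules are ignored).
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk", "github.io"]);

// RP ID used when the RP does not set rp.id / rpId: the origin's effective domain.
function defaultRpId(origin) {
  return new URL(origin).hostname;
}

// Simplified form of the "is a registrable domain suffix of or is equal to"
// check that the client applies to the RP ID before touching any credential.
function rpIdAllowedForOrigin(rpId, origin) {
  const host = new URL(origin).hostname.toLowerCase();
  const id = String(rpId || "").toLowerCase();
  if (id === "") return false;
  if (id === host) return true;                 // exact match is always accepted
  const isIp = (h) => /^[\d.]+$/.test(h) || h.startsWith("[");
  if (isIp(host) || isIp(id)) return false;     // IP hosts cannot be widened
  if (!host.endsWith("." + id)) return false;   // parent domain, on a label boundary
  return !PUBLIC_SUFFIXES.has(id);              // a bare public suffix is too wide
}

// Origins from which a credential bound to rpId can be used.
function originsSharingCredential(rpId, origins) {
  return origins.filter((o) => rpIdAllowedForOrigin(rpId, o));
}

// Constructed sample origins.
const SAMPLE_ORIGINS = [
  "https://example.com",
  "https://login.example.com",
  "https://very.long.sub.domain.example.com",
  "https://notexample.com",
  "https://example.org",
];

// Credential registered on login.example.com with rp.id left unset:
console.log(originsSharingCredential(defaultRpId(SAMPLE_ORIGINS[1]), SAMPLE_ORIGINS));
// Credential registered with rp.id explicitly set to the parent domain:
console.log(originsSharingCredential("example.com", SAMPLE_ORIGINS));
```

A credential created with the default RP ID on a subdomain stays bound to that subdomain; sharing it across `example.com` hosts requires registering it with the parent domain as the RP ID from the start.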