- From: Emil Lundberg via GitHub <sysbot+gh@w3.org>
- Date: Fri, 27 Sep 2024 13:38:46 +0000
- To: public-webauthn@w3.org
In my implementation experience, challenges typically need to be associated with a particular session so that the server can verify that the assertion is signed over the expected challenge for that session. How would this association be expressed in a `challengeUrl`? I'm guessing you'd have to use either query parameters or a session cookie? -- GitHub Notification of comment by emlun Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2152#issuecomment-2379309808 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 27 September 2024 13:38:47 UTC