Hello @kokhoor, unfortunately you won't be able to achieve that separation of credentials within the capabilities of WebAuthn. I just tested to confirm myself: if I host the SimpleWebAuthn example site at http://localhost:8000/demoA,

You'll need to implement your own logic to check the request URL for the various options and verification requests you wire up with SimpleWebAuthn, and namespace your responses accordingly. For example, if a request comes in to https://mysite/demoA/generate-authentication-options then you'll need to be able to recognize "demoA" in the request path and only include credentials that include a "demoA" value in whatever column you'd use to track for which site the credential is valid for use. Does that make sense?

If you want to achieve this within the confines of WebAuthn's abilities then you'd need to rearchitect your site hosting to use subdomains instead. Then you can use the subdomains as tightly scoped RP IDs instead, so that credentials registered with an RP ID of |
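The path-based namespacing described in the reply above, as an added example that is not part of the original discussion and not SimpleWebAuthn's own code. It assumes a hypothetical `app` column on each stored credential, constructed in-memory rows, hypothetical function names, a hypothetical `/verify-authentication` route, and that the returned list is what you pass as `allowCredentials` to `generateAuthenticationOptions` (entry shape `{ id, transports }` is an assumption about your SimpleWebAuthn version).

```javascript
// Constructed sample rows: passkeys for two applications that share one RP ID.
// `app` is the hypothetical namespace column; ids are placeholders, not real credential IDs.
const CREDENTIALS = [
  { id: 'credA1', userId: 'u1', app: 'demoA', transports: ['internal'] },
  { id: 'credB1', userId: 'u1', app: 'demoB', transports: ['internal'] },
  { id: 'credB2', userId: 'u2', app: 'demoB', transports: ['usb'] },
];
const KNOWN_APPS = new Set(['demoA', 'demoB']);

// Take the namespace from the first segment of the request path (not a full URL),
// accepting only applications the server knows about.
function appFromPath(requestPath) {
  const segment = requestPath.split('/').filter(Boolean)[0];
  return KNOWN_APPS.has(segment) ? segment : null;
}

// Credentials to offer for /<app>/generate-authentication-options.
function allowCredentialsFor(requestPath, userId, rows = CREDENTIALS) {
  const app = appFromPath(requestPath);
  if (app === null) throw new Error('unknown application path');
  const list = rows
    .filter((c) => c.app === app && c.userId === userId)
    .map((c) => ({ id: c.id, transports: c.transports }));
  // An empty allowCredentials list would let the browser offer every
  // discoverable passkey stored for the shared RP ID, so fail instead.
  if (list.length === 0) throw new Error('no credential registered for ' + app);
  return list;
}

// Lookup for /<app>/verify-authentication: the browser can return any credential
// valid for the RP ID, so the row must match the namespace before its public key
// is handed to the verification call.
function credentialForVerification(requestPath, credentialId, rows = CREDENTIALS) {
  const app = appFromPath(requestPath);
  if (app === null) return null;
  return rows.find((c) => c.id === credentialId && c.app === app) || null;
}
```

The verification-side lookup matters as much as the filtered options: because both applications share one RP ID, a demoB passkey produces an assertion that is cryptographically valid for demoA, and only the server-side namespace check rejects it.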
In our web server domain, we segregate different paths to different web applications with their own user credentials and setup.
Example is: https://mysite/demoA and https://mysite/demoB
Is it possible to add realm or path support and make authentication (at the moment we're focusing on passkey)?
For example a user can have login credential to both https://mysite/demoA and https://mysite/demoB but when registering and authenticating, both should be treated as separate websites and thus the authentication user selection in passkey for example, should list those credentials for a particular site (say demoA) when the user is authenticating into demoA.
Thanks.