Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rpid should be rpId #12

Closed
vixducis opened this issue May 27, 2019 · 2 comments
Closed

rpid should be rpId #12

vixducis opened this issue May 27, 2019 · 2 comments

Comments

@vixducis
Copy link

In webauthn.php, there's following code:
$publickey->rpid = str_replace('https://', '', $this->appid);

This rpid key is directly used for the challenge in the authentication request. However, at least a few browsers treat the json key case-sensitively and the authenticator will not be able to find any of the IDs that were provided. This should fix the issue:
$publickey->rpId = str_replace('https://', '', $this->appid);
@benjamindoe
Copy link
Contributor

benjamindoe commented Aug 9, 2019
edited
Loading

Do you have an example of where this causes issues? Or do you have a link to the spec where it specifies rpId to be uppercase?

To my understanding rp would be an object anyway and therefore would be need to be accessed by rp.id.

This does mean though that the package would need to change rpid to rp->id

EDIT

I found the piece of info on Moz:
https://developer.mozilla.org/en-US/docs/Web/API/PublicKeyCredentialRequestOptions/rpId

@vixducis
Copy link
Author

Indeed, the moz article is correct. This library currently contains the lowercase rpid, while it should be rpId.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vixducis @benjamindoe