Hello,
I'm failing to accept fido2 credentials created by a native Android application, due to an unexpected rpOrigin.
The tech stack:
Kotlin android client using Fido2ApiClient , associated to a website following the website interoperability guidelines
NodeJS server using fido2-lib
While fido2-lib only accepts rpOrigins that follow the https protocol , the clientDataJSON returned from the Fido2ApiClient holds an rpOrigin property that follows the Android FacetID - android:apk-key-hash:<apk-cert-hash> .
Is there an option to modify the Android's challenge response to have an https rpOrigin without using a browser's webauthn interface? OR - is there a known solution for the server side to accept non https rpOrigin s ?
It's not an issue per se. Android and iOS handle app to web origin binding in different ways.
tim
--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit
https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/43d0addc-c892-4dd6-9a15-790458d9f62dn%40fidoalliance.org.