Anders Rundgren
unread,Nov 18, 2022, 11:06:32 AM11/18/22Sign in to reply to author
Sign in to forward
You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to FIDO Dev (fido-dev), Shane Weeden, FIDO Dev (fido-dev), Anders Rundgren
Thanx Shane,
I did simply download the release fido2.apk and installed in Android 7 and 10.
It did not work at all, while the Web version did.
I still don't understand how web assets are supposed to work:
[{"relation":["delegate_permission/common.handle_all_urls","delegate_permission/common.get_login_creds"],
{"relation":["delegate_permission/common.handle_all_urls","delegate_permission/common.get_login_creds"],"
target":{"namespace":"android_app","package_name":"com.example.android.fido2","sha256_cert_fingerprints":["47:CC:4E:EE:B9:50:59:A5:8B:E0:19:45:CA:0A:6D:59:16:F9:A9:C2:96:75:F8:F3:64:86:92:46:2B:7D:5D:5C"]}}]
How do "web" and "android_app" relate to each other?
To put it differently: If this declaration permits apps to login to any domain, this would be a major security issue.
API-wise it seems that you can specify whatever rpId you want:
Anders