Yubico WebAuthN (U2F) - RPID vs AppId


Aravind Jerubandi

Dec 11, 2019, 11:46:00 PM
to FIDO Dev (fido-dev)
In the WebAuthN server (https://github.com/Yubico/java-webauthn-server/), when we register U2F, does it use the RPID hash or the AppId hash when generating the key handle?

This demo program still expects AppId for U2F registration. Is AppId still required?

From the documentation it looks like WebAuthN uses only RPID. Please correct me if I'm wrong.

Emil Lundberg

Dec 12, 2019, 5:01:14 AM
to fido...@fidoalliance.org

There are two parts to the java-webauthn-server project: the library (webauthn-server-core) and the demo application (webauthn-server-demo).

The library always uses RP ID for registration; it does not support registration via the U2F API. U2F authenticators can always be used to register RP ID credentials, with no special configuration needed. Authenticating AppID credentials is supported via the appid extension, configured via the `appid(Optional<AppId>)` property on `RelyingParty.builder()`.

The demo application does support registering via the U2F API, but the logic for processing the U2F registration response is implemented in the application itself, outside the library.


If your application does not have users already registered with AppID credentials, then you do not need to use the appid extension.

Emil Lundberg

Software Developer | Yubico



John Bradley

Dec 12, 2019, 12:07:07 PM
to fido...@fidoalliance.org

If you are using WebAuthn to create the credential on the authenticator, RPID will be passed to the authenticator by the platform.

If you are using U2F to create the credential then AppID will be passed by the platform.

If you are using WebAuthn for get you need to pass the AppID for credentials created via U2F.

If you are using U2F for get and the credential was created via WebAuthn you should never do that because it won't work.

Once you move to WebAuthn for make Credential you must stop using U2F for get assertion. 

I hope that helps

John B.
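
Added example (not part of the thread and not java-webauthn-server code): a relying-party check of the `rpIdHash` field in authenticator data, showing why a credential registered via U2F only verifies on a WebAuthn get when the appid extension result is taken into account. The `example.com` values, function names and sample authenticator data are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the thread).
RP_ID = "example.com"            # WebAuthn RP ID: a domain string
APP_ID = "https://example.com"   # legacy U2F AppID: a URL string


def sha256(text: str) -> bytes:
    return hashlib.sha256(text.encode("utf-8")).digest()


def expected_rp_id_hash(rp_id, app_id=None, client_extension_results=None):
    """Hash the RP must find in authenticatorData for a WebAuthn get().

    WebAuthn appid extension: if the client reports appid == true, the
    assertion was produced for the U2F AppID, so the expected value is
    SHA-256(AppID) instead of SHA-256(RP ID).
    """
    results = client_extension_results or {}
    if app_id is not None and results.get("appid") is True:
        return sha256(app_id)
    return sha256(rp_id)


def rp_id_hash_ok(authenticator_data, rp_id, app_id=None,
                  client_extension_results=None):
    """Check the first 32 bytes of authenticatorData (the rpIdHash field)."""
    if len(authenticator_data) < 37:  # 32 hash + 1 flags + 4 signCount
        return False
    want = expected_rp_id_hash(rp_id, app_id, client_extension_results)
    return hmac.compare_digest(authenticator_data[:32], want)


def make_auth_data(scope: str) -> bytes:
    """Constructed authenticatorData: hash || flags (UP) || signCount = 1."""
    return sha256(scope) + b"\x01" + (1).to_bytes(4, "big")


if __name__ == "__main__":
    u2f_cred = make_auth_data(APP_ID)      # credential registered via U2F
    webauthn_cred = make_auth_data(RP_ID)  # credential registered via WebAuthn
    print(rp_id_hash_ok(webauthn_cred, RP_ID))                      # RP ID scoped
    print(rp_id_hash_ok(u2f_cred, RP_ID))                           # no appid extension
    print(rp_id_hash_ok(u2f_cred, RP_ID, APP_ID, {"appid": True}))  # with appid
```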
