Consider supporting Relay Party origin + RP ID assertion #3

Open
tarrencev opened this issue Aug 29, 2022 · 0 comments
Labels: help wanted, question

tarrencev commented Aug 29, 2022

Step 13 of the WebAuthn assertion verification dance states:

> Verify that the value of C.origin matches the Relying Party's origin.

Step 15 states:

> Verify that the rpIdHash in authData is the SHA-256 hash of the RP ID expected by the Relying Party.

This is not currently enforced and I'm not sure it is necessary, given the configuration we're using where the Relay Party is a Starknet smart contract.
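
The two checks quoted in the comment above (steps 13 and 15), as an added Python example that is not part of the issue or the project's code. The origin `https://wallet.example`, the RP ID `wallet.example`, the challenge string and all helper names are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample values (assumptions, not taken from the issue).
EXPECTED_ORIGIN = "https://wallet.example"
EXPECTED_RP_ID = "wallet.example"


class AssertionCheckError(Exception):
    """Raised when the origin or RP ID check fails."""


def check_origin(client_data_json: bytes, expected_origin: str) -> None:
    """Step 13: C.origin must equal the Relying Party's origin exactly."""
    try:
        c = json.loads(client_data_json.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise AssertionCheckError("clientDataJSON is not UTF-8 JSON") from exc
    if not isinstance(c, dict) or c.get("origin") != expected_origin:
        raise AssertionCheckError("origin mismatch")


def check_rp_id_hash(auth_data: bytes, expected_rp_id: str) -> None:
    """Step 15: the first 32 bytes of authData must be SHA-256(RP ID)."""
    # authData layout: rpIdHash (32) || flags (1) || signCount (4) || ...
    if len(auth_data) < 37:
        raise AssertionCheckError("authData too short")
    expected = hashlib.sha256(expected_rp_id.encode("utf-8")).digest()
    if not hmac.compare_digest(auth_data[:32], expected):
        raise AssertionCheckError("rpIdHash mismatch")


def make_sample(origin: str, rp_id: str) -> tuple[bytes, bytes]:
    """Build constructed clientDataJSON and authData for demonstration."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": "Y29uc3RydWN0ZWQ", "origin": origin}
    ).encode("utf-8")
    rp_hash = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return client_data, rp_hash + b"\x01" + (7).to_bytes(4, "big")


def verify(client_data_json: bytes, auth_data: bytes) -> bool:
    """Return True only when both the origin and rpIdHash checks pass."""
    try:
        check_origin(client_data_json, EXPECTED_ORIGIN)
        check_rp_id_hash(auth_data, EXPECTED_RP_ID)
    except AssertionCheckError:
        return False
    return True
```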

tarrencev changed the title from "Consider supporting Relay Part origin assertion" to "Consider supporting Relay Party origin assertion" on Aug 29, 2022
tarrencev added the help wanted and question labels on Aug 29, 2022
tarrencev changed the title from "Consider supporting Relay Party origin assertion" to "Consider supporting Relay Party origin + RP ID assertion" on Aug 29, 2022