Capabilities are added to WebAuthn based on demand from Relying Parties and the wider ecosystem. Related Origin Requests was added to address a similar use case for large organizations with global presence. A general comment: an IdP domain becoming inaccessible is a pretty major event and users associate services with domain names. Changing the domain out from under the user doesn't seem like the best approach.
Enable WebAuthn/FIDO2 credentials to support domain migration by embedding a service-specific public key during credential creation. This key would allow the service to sign migration requests for a new RP ID, which the authenticator could verify.
This could support domain changes even if the original domain is inaccessible. It seems like currently there would have to be a transition period, where the original RP hosts a related origin list and the users have to actively migrate their credentials. Especially when Passkeys are used as single credential this could be extremely frustrating for all the users that can't migrate in time…
(Is there a reason this isn't implemented? Or is there currently a way that I am unaware of?)