-
Also note: I don't plan on doing this before I tag a stable release, so I'll have to take that into consideration and make sure it's not a breaking change if I'm able to accomplish it.
-
WebAuthn/Passkeys are strictly bound to a single TLD, and I don't believe there are any plans on changing that. This is fine for most sites, but for multi-domain, multi-tenant apps this can cause issues if a user account has access to more than one tenant site at a time.
I haven't found a good way to work around that yet; however, I do have an idea of possibly wrapping WebAuthn in the MFA challenge and sudo challenges inside an iframe that has a source of a configurable WebAuthn domain or something for the application. The thing I don't like about this is that iframes can be complicated sometimes, and communicating with them isn't always the easiest. Plus, some browsers (i.e. Safari) have issues with them sometimes if not implemented correctly.
I'm also not 100% sure if an iframe will solve this issue, but I do want to look into it in the future. If anybody out there has any suggestions or alternatives to this, I'd definitely be open to them.
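The iframe idea from the post, sketched as an added example (not code from this project): the message check a frame hosted on a shared WebAuthn domain would run before it calls `navigator.credentials.get`. The domain, tenant origins, message shape and function names are all assumptions made for illustration.

```javascript
// Added example; every name and origin below is constructed, not the project's.
const WEBAUTHN_RP_ID = "auth.example";          // assumed shared WebAuthn domain
const TENANT_ORIGINS = new Set([                // assumed tenant allow-list
  "https://tenant-a.example",
  "https://portal.tenant-b.test",
]);

// Decode unpadded base64url into bytes for the WebAuthn challenge field.
function b64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Decide what to do with a postMessage from the embedding tenant page.
// `event` only needs the `origin` and `data` fields of a MessageEvent.
function handleParentMessage(event) {
  // Exact match on the browser-supplied origin, never a substring or regex test.
  if (!TENANT_ORIGINS.has(event.origin)) {
    return { ok: false, reason: "untrusted-origin" };
  }
  const msg = event.data;
  const valid = msg && msg.type === "webauthn-challenge" &&
    typeof msg.challenge === "string" &&
    /^[A-Za-z0-9_-]{22,}$/.test(msg.challenge) &&  // base64url, 16+ bytes
    msg.challenge.length % 4 !== 1;                // impossible base64 length
  if (!valid) {
    return { ok: false, reason: "malformed-request" };
  }
  return {
    ok: true,
    replyTo: event.origin,        // reply to the asking origin only, never "*"
    publicKey: {
      rpId: WEBAUTHN_RP_ID,       // fixed by the frame; the parent cannot choose it
      challenge: b64urlToBytes(msg.challenge),
      userVerification: "required",
    },
  };
}

// Browser wiring (not run here). The tenant page must embed the frame with
// <iframe allow="publickey-credentials-get" ...> for the call to be permitted.
// window.addEventListener("message", async (event) => {
//   const r = handleParentMessage(event);
//   if (!r.ok) return;
//   const cred = await navigator.credentials.get({ publicKey: r.publicKey });
//   event.source.postMessage({ type: "webauthn-result", id: cred.id }, r.replyTo);
// });
```

The challenge is assumed to be issued by the application server, which would also verify the resulting assertion against the shared domain's origin.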