fix: host passkey login

apps/login/readme.md

@@ -393,4 +393,3 @@ In future, self service options to jump to are shown below, like:
 - loginSettings.disableLoginWithPhone
 - loginSettings.allowExternalIdp - this will be deprecated with the new login as it can be determined by the available IDPs
 - loginSettings.forceMfaLocalOnly
-- loginSettings lifetimes - all besides Multifactor Init Check can be implemented. for the Init Check, an external storage or a timestamp has to be implemented which keeps track of the last verification

apps/login/src/lib/server/session.ts

@@ -14,6 +14,7 @@ import { Duration } from "@zitadel/client";
 import { RequestChallenges } from "@zitadel/proto/zitadel/session/v2/challenge_pb";
 import { Session } from "@zitadel/proto/zitadel/session/v2/session_pb";
 import { Checks } from "@zitadel/proto/zitadel/session/v2/session_service_pb";
+import { headers } from "next/headers";
 import { redirect } from "next/navigation";
 import { getNextUrl } from "../client";
 import {
@@ -144,8 +145,7 @@ export async function updateSession(options: UpdateSessionCommand) {
           return Promise.reject(error);
         });
 
-  // TODO remove ports from host header for URL with port
+  const host = (await headers()).get("host");
-  const host = "localhost";
 
   if (
     host &&
@@ -154,6 +154,7 @@ export async function updateSession(options: UpdateSessionCommand) {
     !challenges.webAuthN.domain
   ) {
     const [hostname, port] = host.split(":");
+
     challenges.webAuthN.domain = hostname;
   }