fix: provide domain in session, passkey and u2f (#6097)

This fix provides a possibility to pass a domain on the session, which will be used (as rpID) to create a passkey / u2f assertion and attestation. This is useful in cases where the login UI is served under a different domain / origin than the ZITADEL API.
2025-08-11 19:17:32 +00:00 · 2023-06-27 14:36:07 +02:00
parent d0cda1b479
commit bd5defa96a
32 changed files with 287 additions and 123 deletions
--- a/internal/domain/human_web_auth_n.go
+++ b/internal/domain/human_web_auth_n.go
@@ -23,6 +23,7 @@ type WebAuthNToken struct {
 	AAGUID                 []byte
 	SignCount              uint32
 	WebAuthNTokenName      string
+	RPID                   string
 }

 type WebAuthNLogin struct {
@@ -32,6 +33,7 @@ type WebAuthNLogin struct {
 	Challenge               string
 	AllowedCredentialIDs    [][]byte
 	UserVerification        UserVerificationRequirement
+	RPID                    string
 }

 type UserVerificationRequirement int32