From 2de66f215be069c3e65b0e926ae34ea7efa01e46 Mon Sep 17 00:00:00 2001 From: Emil Lundberg Date: Mon, 25 Nov 2024 16:37:54 +0100 Subject: [PATCH] Accept WebAuthn origin from Android wrapper app --- src/routers/user.router.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/routers/user.router.ts b/src/routers/user.router.ts index 68ea64f..9815c3e 100644 --- a/src/routers/user.router.ts +++ b/src/routers/user.router.ts @@ -165,7 +165,10 @@ noAuthUserController.post('/register-webauthn-finish', async (req: Request, res: clientExtensionResults: credential.clientExtensionResults, }, expectedChallenge: base64url.encode(challenge.challenge), - expectedOrigin: config.webauthn.origin, + expectedOrigin: [ + config.webauthn.origin, + "android:apk-key-hash:DEvegOak87MZWC6pGyDa3hqKnNwptRv8iTeQssaM2ME", // TODO: Extract to config? + ], expectedRPID: config.webauthn.rp.id, requireUserVerification: true, });