rp
) corresponds to the application that will ask for the user to interact with the authenticator.Webauthn\PublicKeyCredentialRpEntity
.$rpEntity
object will be useful for the next steps.rp
. By default, the relying party ID is null
i.e. the current domain will be used.rp
ID, especially if your application has several sub-domains. The rp ID can be set during the creation of the object as 2nd constructor parameter.rp
ID shall be the domain of the application without the scheme, userinfo, port, path, user…. IP addresses are not allowed either.www.sub.domain.com
, sub.domain.com
, domain.com
www.sub.domain.com:1337
, https://domain.com:443
, sub.domain.com/index
, https://user:[email protected]
.localhost
can be used if the browser considers the context is safe (especially the IP address corresponds to a local address)my-app.com
.https://(www.)site1.host.com
and another at https://(www.)site2.host.com
, then the Relying Party IDs should be site1.host.com
and site2.host.com
respectively. If you set host.com
, there is a risk that users from site1.host.com
can log in at site2.host.com
.data
scheme.