Cross Origin Authentication

Please refer to this page to know more about the Cross Origin Authentication.

Configuration

The configuration of the allowed domains can be done as follows.

config/packages/webauthn.yaml
webauthn:
    allowed_origins:
        - 'https://acme.com'
        - 'https://acme.fr'
        - 'android:apk-key-hash://your-app-hash'
        - 'ios:bundle-id://your.bundle.id'
    allow_subdomains: true

Allowed Origins Endpoint

When the allowed_origins parameter is set, the path /.well-known/webauthn is enabled. This path returns a JSON object with allowed domains.

Last updated

Was this helpful?