upon further investigation, the origin is the extension (which makes sense since this is an extension api), but with webauthn if the origin is chrome-extension://, you have to drop the rp: id field, otherwise the navigator won't pop the enroll modal.
When we do drop the `rp: id`, the modal pops and we create a new pub key via the local chrome instance, but the remote chrome complains that the origin is wrong for the created key. This led us to discover y'all are using the remoteDesktopClientOverride extension to webauthn, which isn't mentioned at all in the webAuthenticationProxy extension api.

At this point, I would guess zero other developers on the web have used this api -- but I think everyone would benefit if y'all added documentation / a simple explainer on how the chrome.webAuthenticationProxy api is supposed to work e2e: is it only to be used with ctap2 authenticators? what are the remoteDesktopClientOverride settings? How do you set the rp:id when the origin is chrome-extension://?

On Tuesday, July 23, 2024 at 1:45:30 AM UTC-7 polyset wrote:

> we implemented the webAuthenticationProxy using wss, and get the attached secure origin error (see screenshot for details):
>
> ```
> error: public key creds are only available to https origins with valid certs, http localhost, or pages served from extensions.
> ```
>
> why would wss not be considered a secure origin in this case? chrome had the cert before it was upgraded
>
> [image: authproxy.png]
