#[cfg_attr(feature = "api-types", derive(Updater))]
/// Server side webauthn server configuration.
#[derive(Clone, Deserialize, Serialize)]
-#[serde(deny_unknown_fields)]
+#[serde(deny_unknown_fields, rename_all = "kebab-case")]
pub struct WebauthnConfig {
/// Relying party name. Any text identifier.
///
///
/// Changing this *will* break existing credentials.
pub id: String,
+
+ /// If an `origin` is specified, this specifies whether subdomains should be considered valid
+ /// as well.
+ ///
+ /// May be changed at any time.
+ ///
+ /// Defaults to `true`.
+ #[serde(skip_serializing_if = "Option::is_none")]
+ pub allow_subdomains: Option<bool>,
}
impl WebauthnConfig {
.ok_or_else(|| format_err!("missing webauthn origin"))?,
rp: &self.rp,
id: &self.id,
+ allow_subdomains: self.allow_subdomains.unwrap_or(true),
})
}
}
rp: &'a str,
origin: &'a Url,
id: &'a str,
+ allow_subdomains: bool,
}
/// For now we just implement this on the configuration this way.
fn get_relying_party_id(&self) -> &str {
self.id
}
+
+ fn allow_subdomains_origin(&self) -> bool {
+ self.allow_subdomains
+ }
}
/// A webauthn registration challenge.