Hacker News new | past | comments | ask | show | jobs | submit login

The signed assertion includes the clientDataJSON, which contains the origin of the relying party. Assuming the server properly validates that assertion, it should prevent the use of a phished assertion by a third party.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Authent...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: