I have set up a custom implementation using the Okta Factors API for WebAuthn. A user can enroll in Windows Hello, Touch ID, etc. from within my app at 'app.mysite.com'. When creating the WebAuthn credential, I have listed the Relying Party ID as 'mysite.com'. I thought that by listing the Relying Party ID as 'mysite.com', any attempt to verify WebAuthn under the domain 'mysite.com', such as at the subdomain 'login.mysite.com' (my custom domain URL for the app in Okta and where users log in), would be able to use the same WebAuthn credential that they enabled (Web Authentication: An API for accessing Public Key Credentials - Level 2). However, this does not appear to be the case. When a user goes to login.mysite.com, they cannot successfully authenticate the login with the same WebAuthn credential that they created at 'app.mysite.com'. Instead, they get prompted to add a new, different WebAuthn credential such as a security key. Is there a solution for this issue? I'd like the user to be able to log in with WebAuthn as well as use the same WebAuthn credential in the app for extra security measures. Has anyone been able to do this?
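The RP ID scoping rule the question relies on, worked through as an added example (not Okta's code and not from this thread): an RP ID must equal the origin's effective domain or be a registrable-domain suffix of it, and at assertion time the server checks that the rpIdHash the authenticator signed over matches the RP ID it expects. The tiny `PUBLIC_SUFFIXES` set is a constructed stand-in for the Public Suffix List, and the authenticator data below is constructed, not captured from a real device.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (assumption): a real relying
# party should consult the full list, since an RP ID that is itself a public
# suffix (e.g. "com") is rejected by browsers.
PUBLIC_SUFFIXES = {"com", "co.uk", "net"}


def rp_id_valid_for_origin(rp_id: str, origin: str) -> bool:
    """WebAuthn scoping rule: the RP ID must equal the origin's effective
    domain or be a registrable-domain suffix of it, and the origin must be
    a secure (https) context. Returns True if a credential scoped to rp_id
    may be created or asserted from origin."""
    parts = urlsplit(origin)
    if parts.scheme != "https":
        return False
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower().strip(".")
    if not rp_id or rp_id in PUBLIC_SUFFIXES:
        return False
    # Suffix match must be on a label boundary: "evil-mysite.com" is not
    # under "mysite.com".
    return host == rp_id or host.endswith("." + rp_id)


def rp_id_hash(rp_id: str) -> bytes:
    """SHA-256 of the RP ID; the first 32 bytes of authenticatorData."""
    return hashlib.sha256(rp_id.encode("ascii")).digest()


def assertion_matches_rp(authenticator_data: bytes, expected_rp_id: str) -> bool:
    """Server-side check during assertion verification: the rpIdHash the
    authenticator signed over must equal the hash of the RP ID the server
    expects, so a credential scoped to another RP ID is rejected."""
    return len(authenticator_data) >= 37 and authenticator_data[:32] == rp_id_hash(expected_rp_id)


if __name__ == "__main__":
    # The scenario from the question: credential created at app.mysite.com
    # with RP ID "mysite.com", then asserted at login.mysite.com.
    print(rp_id_valid_for_origin("mysite.com", "https://app.mysite.com"))     # True
    print(rp_id_valid_for_origin("mysite.com", "https://login.mysite.com"))   # True
    # Had the credential been scoped to "app.mysite.com" instead, the login
    # host would not be under it and the browser would refuse to use it.
    print(rp_id_valid_for_origin("app.mysite.com", "https://login.mysite.com"))  # False
    # Constructed authenticatorData: rpIdHash || flags (UP|UV) || signCount.
    auth_data = rp_id_hash("mysite.com") + b"\x05" + b"\x00\x00\x00\x01"
    print(assertion_matches_rp(auth_data, "mysite.com"))  # True
```

If both sites share RP ID `mysite.com` and the assertion still fails, the verifying side (here Okta) is not using that RP ID for its own WebAuthn verification, which is a configuration matter rather than a browser scoping failure.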
We recently added support for setting your own Relying Party in our January monthly release.
You can find details about this in our WebAuthn documentation here.