Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: implement strict appid checking #22

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

james-d-elliott
Copy link
Member

Intention is to allow the implementation to decide if strict checking is necessary. The spec indicates that some clients may not provide the extension results making this potentially problematic so it should be something that can be turned off.

In addition we should probably take into consideration the fact that if the ClientExtensionOutputs is not provided that the device itself MAY have authenticated using the appID extension. But this may be a bit more work and security is paramount over compatibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant