WebAuthn development on localhost

Question

• I'm trying to develop website authentication using WebAuthn. Unfortunately I've run into a problem. When calling navigator.credentials.create I get the following error:

  SecurityError: The relying party ID 'https://localhost:7000' is not a registrable domain suffix of, nor equal to 'https://localhost:7000'.

Does this really mean I cannot develop WebAuthn from localhost? I'm using Chrome70 beta by the way. Seems kinda insane that I have to develop on a real domain, debugging and development would become a nightmare.

Any ideas about this? Is localhost really forbidden in WebAuthn?

Thanks

Answer 1

THere are two ways to get rid of this error message:

• You don't set the RP ID in the options. In this case it will use the current domain, which is localhost
• Or you set the RP ID to a valid domain as per the URL specification i.e. no scheme, no port, no user, no password, no path and in this case it is also localhost

More information about the RP ID in the Webauthn specification