WebAuthn

RP ID / Origin Validator

Test whether a WebAuthn rpId is allowed for a given origin. Encodes the §5.1.3 registrable-domain-suffix rule, the HTTPS requirement, and PSL constraints — useful when planning multi-host SSO with shared passkeys.

Input

Origin (e.g. https://login.example.com)rpId (e.g. example.com — leave blank to default to origin host)

Verdict

Enter origin and rpId.

All decoding runs locally.

About RP ID

The RP ID is the scope of a WebAuthn credential. Browsers enforce that the rpId is a registrable domain suffix of the origin host, with HTTPS as a prerequisite (localhost is the only HTTP exception). Pick the broadest scope you want credentials to roam across — typically your apex domain.

Spec

WebAuthn Level 2 §5.1.3.

Companion

clientDataJSON decoder

Reading

Designing enterprise passwordless systems