How to go about supporting multiple origins if my service is hosted in multiple domains?
Example: I have a service called MyJuiceShop, and it's available at myjuiceshop.com and also at myjuiceshop.jp. Users can log in at both domains.
The current implementation with username/password works, as it queries the same database.
For a passkey implementation, how should I go about it as the relying party?
My concern here is that a passkey is tied to the origin/domain on the user's device. If a user is visiting myjuiceshop.jp and has registered a passkey with this domain, they'll not be prompted with a passkey suggestion when they try to log in while visiting myjuiceshop.com.
Is it possible to register at one domain (*.com) and have the passkey available at the other domains where my service is hosted (*.jp, *.au, etc.)?
I'm thinking of redirecting users to a single domain (say *.com) from all other domains during the registration phase. But this will not solve the problem during the login phase from other domains.
As you've mentioned, as of now, there is no such flexibility in the WebAuthn specs.
There are a couple of options here.
The WebAuthn WG has been considering a more flexible way to support multiple domains. So, if you can wait for such work, you'd be better off leveraging the new way.
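Why a passkey registered on myjuiceshop.jp is not offered or accepted on myjuiceshop.com, as an added example that is not part of the original posts: a simplified model of the client-side RP ID scoping rule and of the relying party's `rpIdHash` check. The function names, the `login.` and `notmyjuiceshop.jp` hosts and the authenticator data are constructed for illustration, and the Public Suffix List check a real browser performs is only approximated.

```python
import hashlib
import hmac
from urllib.parse import urlsplit


def rp_id_allowed_for_origin(origin: str, rp_id: str) -> bool:
    """Simplified scoping rule: the RP ID must equal the origin's host or be
    a parent domain of it. Real clients also reject public suffixes via the
    Public Suffix List; requiring a dot is only a crude stand-in for that."""
    parts = urlsplit(origin)
    host = (parts.hostname or "").lower()
    rp_id = rp_id.lower()
    if parts.scheme != "https" or not host or "." not in rp_id:
        return False
    return host == rp_id or host.endswith("." + rp_id)


def rp_id_hash_matches(authenticator_data: bytes, expected_rp_id: str) -> bool:
    """Relying-party check: the first 32 bytes of authenticator data are
    SHA-256 of the RP ID the credential is scoped to."""
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        return False
    expected = hashlib.sha256(expected_rp_id.encode("utf-8")).digest()
    return hmac.compare_digest(authenticator_data[:32], expected)


def make_auth_data(rp_id: str, flags: int = 0x05, counter: int = 1) -> bytes:
    """Constructed sample authenticator data (flags 0x05 = UP | UV)."""
    digest = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return digest + bytes([flags]) + counter.to_bytes(4, "big")


def demo() -> dict:
    rp_id = "myjuiceshop.jp"           # RP ID used when the passkey was registered
    auth_data = make_auth_data(rp_id)  # what an assertion for that passkey carries
    return {
        "jp_origin": rp_id_allowed_for_origin("https://myjuiceshop.jp", rp_id),
        "jp_subdomain": rp_id_allowed_for_origin("https://login.myjuiceshop.jp", rp_id),
        "lookalike": rp_id_allowed_for_origin("https://notmyjuiceshop.jp", rp_id),
        "com_origin": rp_id_allowed_for_origin("https://myjuiceshop.com", rp_id),
        "hash_vs_jp": rp_id_hash_matches(auth_data, "myjuiceshop.jp"),
        "hash_vs_com": rp_id_hash_matches(auth_data, "myjuiceshop.com"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```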