|
4 | 4 |
|
5 | 5 | Which approach suits best your needs will depend on the architecture of your application and how do your users need to register and authenticate to it. |
6 | 6 |
|
7 | | -If you have a multi-tenant application, or any application segmenation, where your users register and authenticate to each of these tenants or segments individuallly using different hostnames, or with different security needs, you need to go through [Instance Based Configuration](#instance-based-configuration). |
| 7 | +If you have a multi-tenant application, or any application segmentation, where your users register and authenticate to each of these tenants or segments individually using different hostnames, or with different security needs, you need to go through [Instance Based Configuration](#instance-based-configuration). |
8 | 8 |
|
9 | | -However, if your application is served for just one hostname, or else if your users authenticate to only one subdmain (e.g. your application serves www.example.com and admin.example.com but all you users authenticate through auth.example.com) you can still rely on one [Global Configuration](../README.md#configuration). |
| 9 | +However, if your application is served for just one hostname, or else if your users authenticate to only one subdomain (e.g. your application serves www.example.com and admin.example.com but all your users authenticate through auth.example.com) you can still rely on one [Global Configuration](../README.md#configuration). |
10 | 10 |
|
11 | 11 | If you are still not sure, or want to keep your options open, be aware that [Instance Based Configuration](#instance-based-configuration) is also a valid way of defining a single instance configuration and how you share such configuration across your application, it's up to you. |
12 | 12 |
|
13 | 13 |
|
14 | 14 | ## Instance Based Configuration |
15 | 15 |
|
16 | | -Intead of the [Global Configuration](../README.md#configuration) you place in `config/initializers/webauthn.rb`, |
| 16 | +Instead of the [Global Configuration](../README.md#configuration) you place in `config/initializers/webauthn.rb`, |
17 | 17 | you can now have an on-demand instance of `WebAuthn::RelyingParty` with the same configuration options, that |
18 | | - you can build anywhere in you application, in the following way: |
| 18 | + you can build anywhere in your application, in the following way: |
19 | 19 |
|
20 | 20 | ```ruby |
21 | 21 | relying_party = WebAuthn::RelyingParty.new( |
@@ -57,7 +57,7 @@ Intead of the [Global Configuration](../README.md#configuration) you place in `c |
57 | 57 |
|
58 | 58 | ## Instance Based API |
59 | 59 |
|
60 | | -**DISCLAIMER: This API was released on version 3.0.0.alpha1 and is still under evaluation. Although it has been throughly tested and it is fully functional it might be changed until the final release of version 3.0.0.** |
| 60 | +**DISCLAIMER: This API was released on version 3.0.0.alpha1 and is still under evaluation. Although it has been thoroughly tested and it is fully functional it might be changed until the final release of version 3.0.0.** |
61 | 61 |
|
62 | 62 | The explanation for each ceremony can be found in depth in [Credential Registration](../README.md#credential-registration) and [Credential Authentication](../README.md#credential-authentication) but if you choose this instance based approach to define your WebAuthn configurations and assuming `relying_party` is the result of an instance you get through `WebAuthn::RelyingParty.new(...)` the code in those explanations needs to be updated to: |
63 | 63 |
|
@@ -159,7 +159,7 @@ begin |
159 | 159 | # Continue with successful sign in or 2FA verification... |
160 | 160 |
|
161 | 161 | rescue WebAuthn::SignCountVerificationError => e |
162 | | - # Cryptographic verification of the authenticator data succeeded, but the signature counter was less then or equal |
| 162 | + # Cryptographic verification of the authenticator data succeeded, but the signature counter was less than or equal |
163 | 163 | # to the stored value. This can have several reasons and depending on your risk tolerance you can choose to fail or |
164 | 164 | # pass authentication. For more information see https://www.w3.org/TR/webauthn/#sign-counter |
165 | 165 | rescue WebAuthn::Error => e |
|
171 | 171 |
|
172 | 172 | Adding a configuration for a new instance does not mean you need to get rid of your Global configuration. They can co-exist in your application and be both available for the different usages you might have. `WebAuthn.configuration.relying_party` will always return the global one while `WebAuthn::RelyingParty.new`, executed anywhere in your codebase, will allow you to create a different instance as you see the need. They will not collide and instead operate in isolation without any shared state. |
173 | 173 |
|
174 | | -The gem API described in the current [Usage](../README.md#usage) section for the [Global Configuration](../README.md#configuration) approach will still valid but the [Instance Based API](#instance-based-api) also works with the global `relying_party` that is maintain globally at `WebAuthn.configuration.relying_party`. |
| 174 | +The gem API described in the current [Usage](../README.md#usage) section for the [Global Configuration](../README.md#configuration) approach will still be valid but the [Instance Based API](#instance-based-api) also works with the global `relying_party` that is maintained globally at `WebAuthn.configuration.relying_party`. |
0 commit comments