RPID Configuration Overview

The RPID (Relying Party Identifier) is a crucial security parameter in passkey authentication that defines which domains and applications can access your passkeys. Similar to how a cookie domain determines where a cookie can be used (read and written), the RPID determines where your passkeys can be used. Proper RPID configuration is essential for ensuring seamless passkey functionality across your web and native/mobile applications. For additional information, please refer to the official WebAuthn specification. You can configure the RPID in the Corbado Management Console. Review the following pages to understand how RPID validation functions and what key considerations apply to your application type:

Web Applications

Configure RPID to match your web application’s domain or a parent domain for consistent passkey access across subdomains.

Native/Mobile Applications

Set up RPID to enable passkey sharing between your web and native/mobile applications while maintaining security boundaries.

clientState Web Application

Overview

Flows

Architecture

Web UI Components

Integration

Features

Concepts

Helpful Guides

Security & Compliance

RPID Configuration Overview

Web Applications

Native/Mobile Applications