Learn how to properly configure the RPID (Relying Party Identifier) for your application, especially when managing both web and native/mobile applications.
Use this file to discover all available pages before exploring further.
Try Demo
Talk to Adoption Engineer
Whitepaper
The RPID (Relying Party Identifier) is a crucial security parameter in passkey authentication that defines which domains and applications can access your passkeys. Similar to how a cookie domain determines where a cookie can be used (read and written), the RPID determines where your passkeys can be used.Proper RPID configuration is essential for ensuring seamless passkey functionality across your web and native/mobile applications. For additional information, please refer to the official WebAuthn specification.You can configure the RPID in the Corbado Management Console. Review the following pages to understand how RPID validation functions and what key considerations apply to your application type:
Web Applications
Configure RPID to match your web application’s domain or a parent domain for consistent passkey access across subdomains.
Native/Mobile Applications
Set up RPID to enable passkey sharing between your web and native/mobile applications while maintaining security boundaries.
