Passkeys registered for a subdomain are offered for parent domain

Open ttunturi opened this issue 1 month ago • 1 comments

Checks

[x] I have read the Wiki, searched the open issues, and still think this is a new bug.

Explain the problem clearly and succinctly:

I have passkeys registered for login.example.com and test.login.example.com. When I try to log in to login.example.com I am also presented the passkeys for test.login.example.com to choose from.

Describe what you expected to happen:

Passkeys registered for a subdomain would not be offered as a choice for logging in to parent domain.

KeePassDX version:

4.2.4

Build:

Free

Database version:

No response

File provider (`content://` URI)

No response

Android version:

No response

Android device:

No response

Additional context:

No response

Nov 24 '25 04:11 ttunturi

The bug is very simple, it's just a search that uses “contains” rather than an exact match in relying party field. This should work after the correction, but the field must be exact match without protocol.

Nov 26 '25 11:11 J-Jamet

Passkeys registered for a subdomain are offered for parent domain

Checks

Explain the problem clearly and succinctly:

Describe what you expected to happen:

KeePassDX version:

Build:

Database version:

File provider (content:// URI)

Android version:

Android device:

Additional context:

File provider (`content://` URI)