Multi-tenancy and associated domains #17

@tladesignz

Description

In our wrapper apps, we use two features that need so-called "associated domains".

  1. The OS should redirect links in websites which point to the associated domains to our app instead. (E.g. "Log in with wwWallet" buttons.)
  2. WebAuthn/FIDO credentials need to be associated with a domain to be stored. For login, this info is used by the OS to select the needed credentials. (This is not optional, as it is with usernames/passwords!)

iOS

To achieve this association two things are necessary:

  1. On the website, there needs to be a configuration file at a well-known location listing the allowed app IDs.
    Example: https://demo.wwwallet.org/.well-known/apple-app-site-association
  2. The app needs to mention the fully-qualified domain in its configuration at build time:

iOS then checks on app install whether the associated domains are valid and registers everything.

Documentation: https://developer.apple.com/documentation/Xcode/supporting-associated-domains

=> THIS CANNOT BE DONE ON RUNTIME, NOR CAN IT BE DONE FOR ALL SUBDOMAINS AT ONCE!

Android

On Android, this feature is called "app links" or "asset links".

  1. A file needs to be placed at a location known in advance. Example: https://demo.wwwallet.org/.well-known/assetlinks.json
  2. The app needs to mention the fully-qualified domain in its configuration at build time:

Android then checks on app install whether the associated domains are valid and registers everything.

Documentation: https://developer.android.com/training/app-links/about#how-app

=> AGAIN, THIS CANNOT BE DONE ON RUNTIME, NOR CAN IT BE DONE FOR ALL SUBDOMAINS AT ONCE!
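The two well-known files referred to in the iOS and Android sections above are the trust anchors of the whole association: every app ID or package they list can receive the domain's links and, through the webcredentials / get_login_creds entries, its passkeys. The following is an added Python check, not code from the wwWallet project, that validates constructed samples of an apple-app-site-association file and an assetlinks.json file against an allowlist of expected app identifiers. The team ID, bundle ID, package name and certificate fingerprint are placeholders.

```python
"""Check the two "associated domain" files a tenant domain serves.

Added example, not code from the wwWallet project. The team ID, bundle ID,
package name and certificate fingerprint are placeholders.
"""
import json
import re

# Placeholders for the real app identifiers (constructed, not wwWallet's).
TEAM_ID = "TEAMID1234"                        # Apple team IDs are 10 characters
IOS_APP_ID = f"{TEAM_ID}.org.example.wallet"  # AASA app IDs are <TeamID>.<BundleID>
ANDROID_PACKAGE = "org.example.wallet"
# Android wants the SHA-256 fingerprint of the signing certificate as
# 32 colon-separated upper-case hex bytes; this one is constructed.
PLACEHOLDER_FP = ":".join(f"{i:02X}" for i in range(32))

EXPECTED_APP_IDS = {IOS_APP_ID}
EXPECTED_PACKAGES = {ANDROID_PACKAGE: {PLACEHOLDER_FP}}

# Constructed sample of /.well-known/apple-app-site-association
AASA_SAMPLE = json.dumps({
    "applinks": {"details": [{"appIDs": [IOS_APP_ID], "components": [{"/": "/*"}]}]},
    "webcredentials": {"apps": [IOS_APP_ID]},
})
# Same file with an extra, unexpected app ID under webcredentials.
AASA_TAMPERED = json.dumps({
    "applinks": {"details": [{"appIDs": [IOS_APP_ID], "components": [{"/": "/*"}]}]},
    "webcredentials": {"apps": [IOS_APP_ID, "OTHER00000.org.example.other"]},
})
# Constructed sample of /.well-known/assetlinks.json
ASSETLINKS_SAMPLE = json.dumps([{
    "relation": ["delegate_permission/common.handle_all_urls",
                 "delegate_permission/common.get_login_creds"],
    "target": {"namespace": "android_app", "package_name": ANDROID_PACKAGE,
               "sha256_cert_fingerprints": [PLACEHOLDER_FP]},
}])

APP_ID_RE = re.compile(r"^[A-Z0-9]{10}\.[A-Za-z0-9.-]+$")
FINGERPRINT_RE = re.compile(r"^([0-9A-F]{2}:){31}[0-9A-F]{2}$")


def check_aasa(text, expected_app_ids):
    """Return a list of findings for an AASA document (empty list = OK)."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"AASA: not valid JSON ({exc})"]
    expected = set(expected_app_ids)
    findings = []
    # applinks (feature 1): accept both the older "appID" and the newer
    # "appIDs" key inside each details entry.
    linked = set()
    for entry in doc.get("applinks", {}).get("details", []):
        linked.update(entry.get("appIDs", []))
        if "appID" in entry:
            linked.add(entry["appID"])
    if not linked & expected:
        findings.append("applinks: expected app not listed, links will not open the app")
    # webcredentials (feature 2): required for passkey association.
    creds = set(doc.get("webcredentials", {}).get("apps", []))
    if not creds & expected:
        findings.append("webcredentials: expected app not listed, passkeys cannot be bound")
    for app_id in linked | creds:
        if not APP_ID_RE.match(app_id):
            findings.append(f"malformed app ID {app_id!r}")
        elif app_id not in expected:
            findings.append(f"unexpected app ID {app_id} would share this domain's links/credentials")
    return findings


def check_assetlinks(text, expected_packages):
    """Return findings for assetlinks.json; expected_packages maps package -> allowed fingerprints."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"assetlinks: not valid JSON ({exc})"]
    if not isinstance(doc, list):
        return ["assetlinks: document must be a JSON array of statements"]
    findings, seen = [], set()
    for stmt in doc:
        target = stmt.get("target", {})
        if target.get("namespace") != "android_app":
            continue
        pkg = target.get("package_name", "")
        seen.add(pkg)
        if pkg not in expected_packages:
            findings.append(f"unexpected package {pkg} would share this domain's links/credentials")
            continue
        relations = set(stmt.get("relation", []))
        for needed in ("delegate_permission/common.handle_all_urls",
                       "delegate_permission/common.get_login_creds"):
            if needed not in relations:
                findings.append(f"{pkg}: missing relation {needed}")
        for fp in target.get("sha256_cert_fingerprints", []):
            if not FINGERPRINT_RE.match(fp):
                findings.append(f"{pkg}: malformed fingerprint {fp!r}")
            elif fp not in expected_packages[pkg]:
                findings.append(f"{pkg}: fingerprint {fp} is not an expected signing certificate")
    for missing in set(expected_packages) - seen:
        findings.append(f"expected package {missing} not listed")
    return findings


if __name__ == "__main__":
    for name, findings in [("AASA", check_aasa(AASA_SAMPLE, EXPECTED_APP_IDS)),
                           ("AASA (tampered)", check_aasa(AASA_TAMPERED, EXPECTED_APP_IDS)),
                           ("assetlinks", check_assetlinks(ASSETLINKS_SAMPLE, EXPECTED_PACKAGES))]:
        print(name, "OK" if not findings else findings)
```

The point of the allowlist is that both files are additive: an extra app ID or package that slips into a tenant's well-known file is silently honoured by the OS, so each tenant domain should be checked against the exact set of identifiers the wrapper apps were built with before an app version registering that subdomain ships.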

Potential Solutions

We keep a buffer of subdomains registered in the app and use these for new customers. When the buffer runs low, we publish new app versions with an increased buffer.

Pro: Works

Con:

  • Weird domains ("customer122.siros.org") will show up in various places (e.g. in the password manager or on a YubiKey, and in links to the app).
  • Subdomains need to be set up in advance (well-known files!).
  • The app needs to be updated for new customers.

Every tenant is hosted under the same domain

Pro: No app and subdomain management needed

Con:

  • Web frontend needs to be tenant-aware.
  • Different login credentials will all have the same domain, so it might become hard for the user to choose the right one.

Related issues: #12 , wwWallet/wallet-android-wrapper#34
