From 2fed02f4133aefc2c9792d673506d05fa2391d55 Mon Sep 17 00:00:00 2001
From: Daniel James Smith
Date: Thu, 15 Jan 2026 14:39:28 +0100
Subject: [PATCH] Add documentation

---
 .../src/platform/services/fido2/domain-utils.ts | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/libs/common/src/platform/services/fido2/domain-utils.ts b/libs/common/src/platform/services/fido2/domain-utils.ts
index 32eb3d5692b..bbd56a92d0d 100644
--- a/libs/common/src/platform/services/fido2/domain-utils.ts
+++ b/libs/common/src/platform/services/fido2/domain-utils.ts
@@ -2,6 +2,22 @@
 // @ts-strict-ignore
 import { parse } from "tldts";
 
+/**
+ * Validates whether a Relying Party ID (rpId) is valid for a given origin according to WebAuthn specifications.
+ *
+ * The validation enforces the following rules:
+ * - The origin must use the HTTPS scheme
+ * - Both rpId and origin must be valid domain names (not IP addresses)
+ * - Both must have the same registrable domain (e.g., example.com)
+ * - The origin must either exactly match the rpId or be a subdomain of it
+ * - Single-label domains are rejected unless they are 'localhost'
+ * - Localhost is always valid when both rpId and origin are localhost
+ *
+ * @param rpId - The Relying Party identifier to validate
+ * @param origin - The origin URL to validate against (must start with https://)
+ * @returns `true` if the rpId is valid for the given origin, `false` otherwise
+ *
+ */
 export function isValidRpId(rpId: string, origin: string) {
 if (!rpId || !origin) {
 return false;
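Review bot: The rule list in the new doc comment is ambiguous about localhost: the first bullet and the `@param origin` line require an `https://` origin, while the last bullet says localhost is "always valid", so a reader cannot tell whether a non-HTTPS localhost origin is accepted. Because this check decides which origins may use a credential's rpId, the comment should say which of the two holds, for example `* - 'localhost' is accepted only when both rpId and the origin host are 'localhost'; the HTTPS rule still applies` if that matches the implementation. The list also omits the one guard visible in the hunk, so I would add `* - An empty or missing rpId or origin is rejected`. The stray ` *` line before the closing `*/` can be dropped. The body of `isValidRpId` continues past the end of the hunk, so the remaining bullets cannot be checked against the code from here.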