Hosting digital asset link json file in a path instead of domain root?

1.1k views Asked by At

Has anyone tried hosting assetlinks.json file in a query path instead of domain root?

Background: We are currently working on Android FIDO Client implementation which interacts with custom FIDO server application.

Here is the codelab if you're interested to play around with Android FIDO2 https://codelabs.developers.google.com/codelabs/fido2-for-android/#2

Problem: If we host the file in some other location(aka query path), Google Fido2ApiClient throws an error.

SECURITY_ERR(18) : The incoming request cannot be validated

According to Google Digital Links documentation, they recommend assetlinks.json file to be hosted in domain root.

https://domain.name/.well-known/assetlinks.json

For security reasons, our SecOps team is not OK with the idea. So my ask to you is : Can we host this assetlinks.json file in a path like below?

https://domain.name/application/v1/.well-known/assetlinks.json

Advance thanks for your comments!

0

There are 0 answers