ChallengeValidationErrorInvalidHomeDomain
extends ErrorException
in package
Exception thrown when the challenge transaction contains an invalid home domain.
Thrown when the first operation in the challenge transaction does not have a ManageData operation key matching the expected format "<home_domain> auth". This validation ensures that the challenge was generated for the correct service and prevents domain confusion attacks.
Security Implications: The home domain validation is critical for preventing phishing and domain substitution attacks. If a client accepts a challenge with the wrong home domain, it could inadvertently authenticate with a malicious server impersonating the legitimate service. This validation ensures the challenge was issued by the expected authentication server.
Common Scenarios:
- Challenge generated for wrong domain (e.g., "malicious.com auth" instead of "example.com auth")
- Malformed home domain string in the operation key
- Server misconfiguration returning challenges for incorrect domain
- Man-in-the-middle attack attempting to substitute domains