Merge branch 'task/webauthn-rporigins' into staging

Author: jurajhilje

api/internal/middleware/auth/auth.go

@@ -139,9 +139,9 @@ func NewCookiePASession(id string) *fiber.Cookie {
 func NewWebAuthn(cfg config.APIConfig) *webauthn.WebAuthn {
 	var webAuthn *webauthn.WebAuthn
 	config := &webauthn.Config{
-		RPDisplayName: cfg.Name,                     // Display Name for your site
-		RPID:          cfg.FQDN,                     // Generally the FQDN for your site
-		RPOrigins:     []string{cfg.ApiAllowOrigin}, // The origin URLs allowed for WebAuthn requests
+		RPDisplayName: cfg.Name,                               // Display Name for your site
+		RPID:          cfg.FQDN,                               // Generally the FQDN for your site
+		RPOrigins:     strings.Split(cfg.ApiAllowOrigin, ","), // The origin URLs allowed for WebAuthn requests
 	}
 
 	webAuthn, err := webauthn.New(config)