Support WebAuthn Tokens for WebAuthn on Android
Categories
(Core :: DOM: Web Authentication, enhancement, P1)
Tracking
()
People
(Reporter: jcj, Assigned: jcj)
References
(Blocks 3 open bugs, )
Details
(Whiteboard: [webauthn][geckoview:fenix:m7])
Attachments
(2 files)
Android just added native support for FIDO U2F token devices [1], so it is now easier to support this in Fennec. There's two approaches in the current WebAuthn code to add more platforms / authenticator types: 1. Implement another U2FTokenTransport that calls out to the OS as needed. 2. Add Android support to the Rust u2f-hid-rs library that we're importing into Gecko in Bug 1388843. I'm not familiar with Fennec enough to know which would be easier. I know there are some Rust FFI crates available for Android, so it might be relatively straightforward to at least pull in Bluetooth HID on Fennec that way. [1] https://developers.google.com/identity/fido/android/native-apps
|
Assignee | |
Comment 1•7 years ago
|
||
We'll probably just want to do this in Rust; I've filed https://github.com/jcjones/u2f-hid-rs/issues/42 to track it in the Rust lib.
|
||
Comment 2•6 years ago
|
||
Using the Android Api might get users support for more transports than upgrading the rust library? https://developers.google.com/android/reference/com/google/android/gms/fido/common/Transport The Android API supports BT, BT_LE, NFC and USB. https://developers.google.com/android/reference/com/google/android/gms/fido/common/Transport :nalexander could you please take a look?
|
||
Comment 3•6 years ago
|
||
(In reply to Axel Nennker from comment #2) > Using the Android Api might get users support for more transports than > upgrading the rust library? > https://developers.google.com/android/reference/com/google/android/gms/fido/ > common/Transport > > The Android API supports BT, BT_LE, NFC and USB. > https://developers.google.com/android/reference/com/google/android/gms/fido/ > common/Transport > > :nalexander could you please take a look? Hi Axel! Sorry, I can't spend any time on this -- I've long since moved off the Fennec project. I just do some build system stuff for Fennec now. I agree that an implementation based off the Android API would be better than re-implementing everything in Rust, but given resourcing for Fennec now, I don't think an implementation based on the Android API will happen any time soon. Sorry :(
|
||
Comment 4•6 years ago
|
||
no reviews needed yet, just a WIP
|
|
||
Updated•6 years ago
|
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 5•5 years ago
|
||
The APIs involved here give us CTAP2 (FIDO2) support
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Comment 7•5 years ago
|
||
Adding [geckoview:fenix:m7] whiteboard tag because we should figure out our WebAuthn plans in Q2.
|
|
Assignee | |
Comment 8•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
Pushed by jjones@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/192ba11153b4 Move GECKOBUNDLE macros into their own header r=snorp https://hg.mozilla.org/integration/autoland/rev/d8e0bfeb5fa3 Support FIDO2 for WebAuthn on Android r=snorp,keeler
|
||
Comment 10•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/192ba11153b4
https://hg.mozilla.org/mozilla-central/rev/d8e0bfeb5fa3
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 11•5 years ago
|
||
Release Note Request (optional, but appreciated)
[Why is this notable]: We're enabling Web Authentication, including biometric authentication support, for Android (Fennec)
[Affects Firefox for Android]: Yes, this brings Fennec in-line with desktop (where WebAuthn shipped in 60).
[Suggested wording]: Support the anti-phishing W3C Web Authentication API on Firefox for Android.
[Links (documentation, blog post, etc)]: to be published
|
||
Comment 12•5 years ago
|
||
I'm using Firefox Beta 68 on a Samsung S5 mini with Android 6.0.1 with an NFC-enabled hardware security key (it's a Solo Tap), but I can't figure out how it works. It keeps popping up with the dialog asking me what to do with the NFC tag I've just presented my phone with.
Is there an additional app I need installed to take care of this for me? The instructions for my key say that I need the Google Authenticator app install, which I've just done, but it doesn't seem to change anything.
|
|
||
Comment 13•5 years ago
|
||
I guess bug 1551230 comment 5 covers this from a release notes pov? I can change the wording to your suggestion though.
|
|
Assignee | |
Comment 15•5 years ago
|
||
(In reply to Starbeamrainbowlabs from comment #12)
I'm using Firefox Beta 68 on a Samsung S5 mini with Android 6.0.1 with an NFC-enabled hardware security key (it's a Solo Tap), but I can't figure out how it works. It keeps popping up with the dialog asking me what to do with the NFC tag I've just presented my phone with.
Is there an additional app I need installed to take care of this for me? The instructions for my key say that I need the Google Authenticator app install, which I've just done, but it doesn't seem to change anything.
Hey Starbeamrainbowtabs:
We don't use Bugzilla for support (overall), but you shouldn't need any additional apps, no. The key instructions reflect Android of 2018, not the updates to add FIDO2 around New Years. The dialog that shows up when you're using WebAuthn (https://webauthn.io, https://webauthn.me) should let you trigger via NFC just fine, though the only NFC security keys I have used to test are Yubikey 4-series ones. The actual interaction with your security key here is mediated by Android, not us, so we're limited in what we can do to improve it, but feel free to email me directly and I'll try and help.
|
|
||
Updated•5 years ago
|
|
|
||
Comment 16•5 years ago
|
||
[geckoview:fenix:m7] bugs should be priority P1.
I'm editing a bunch of GeckoView bugs. If you'd like to filter all this bugmail, search and destroy emails containing this UUID:
e88a5094-0fc0-4b7c-b7c5-aef00a11dbc9
Description
•