Hello Mozilla, Though progress is continuing on U2F support in Firefox nightly, Google's offerings for U2F are currently incompatible. Even when using Firefox Nightly with the U2F flags set and setting the UA string to match a Chrome browser, attempting to register a U2F token through Firefox causes an error. There doesn't appear to be any useful debugging output in the browser console. This seems unrelated to 1340738, as Google's U2F test appspot works just fine, even without browser string modification. It would be good to have Google supporting this functionality when the U2F features in Firefox make it to stable.
It seems related. But gmail fails for users when prefs security.webauth.u2f and/or security.webauth.webauthn set to true See https://webcompat.com/issues/12810
See Also: → https://webcompat.com/issues/12810
Whiteboard: [parity-chrome] → [parity-chrome] [webcompat]
I believe this is actually https://webcompat.com/issues/9975
See Also: → https://webcompat.com/issues/9975
jkt, do you know who is working on u2f who might know more about this situation? thanks.
Priority: -- → P1
I'm sorry Mike I totally missed this! :jcj is likely to answer this question, I think he has been in contact with Google regarding this however not certain.
Flags: needinfo?(jkt) → needinfo?(jjones)
Regarding the comment 1's https://webcompat.com/issues/12810: Arnar in the Google security team just debugged that issue in Bug 1441814 comment 10: > I believe this is happening because enabling security.webauth.u2f adds a new > global "u2f" on window, which is short enough to be used by JS compilers. > > We (Google) have added "u2f" to the list of names that the compiler is not > allowed to generate, and expect this to be fixed once that propagates to > frontend builds. As to comment 0, about Google not supporting Firefox-with-U2F: The Google Accounts team needed Bug 1436078 before they could move forward. Since that's now in Firefox 60, they're working on it on their side. I don't know a timeline.
Mass bug change to replace various 'parity' whiteboard flags with the new canonical keywords. (See bug 1443764 comment 13.)
Whiteboard: [parity-chrome] [webcompat] → [webcompat]
As how I tried just now, I can use soft token U2F for Google account without UA faking. This ticket shall be close hence.
lolipopplus (In reply to lolipopplus from comment #7) > As how I tried just now, I can use soft token U2F for Google account without > UA faking. > This ticket shall be close hence. I concur with your comment, as I can reproduce on Firefox 62.0a1 (build: 2018-05-24) on Windows. I'll try to reproduce on linux soon.
Under linux, FF 62.0a1 (2018-05-30) (64-bit) still gives me the following message on Google: Use your Security Key in Chrome Security Keys don't work with this browser. Try again in Chrome. While working fine on other sites supporting U2F (Bitwarden, example test sites).
Agreed; it is still not working on Linux [62.0a1 (2018-05-29) (64-bit)]. Switching the UA to Chrome errors as it always has, and switching the UA to FF Nightly on Windows gives the same UA filtering error as when reporting the true UA.
Hey folks, I heard back from Google. This should be working on Linux. Let me make sure: Using the U2F support, Firefox is supported for _sign in_, but not new security key _registration_. This is because we made a deliberate choice in Bug 1436078 to limit the security risk/exposure of the hard-coded values to already-registered keys (Bug 1436078 comment 3). If you add a security key with Chrome, now or in the past, it should work in Firefox for sign in on any platform. I'm sure that isn't what you're hoping to hear, but I just want to make sure that there isn't an _unexpected bug_ here, so please do let me know if this is broken on sign in or on registration. And of course, WebAuthn is coming soon to Google Accounts, and supersedes all of this -- Chrome 67 with WebAuthn support launched yesterday. :)
Aha! I was testing the registration workflow. The login workflow appears to work correctly on Linux for me. Good to resolve as complete on my end.
I can confirm the login flow works with u2f token on FF62a1 (doesn't for 60 and 61b) for both GMail and Google Suit (sometimes there is a slowdown in feature rollout to GSuite accounts, so I just wanted to be sure).
It sounds like we can close this then (unless I'm mistaken...). Thanks all!
Status: UNCONFIRMED → RESOLVED
Last Resolved: 10 months ago
Resolution: --- → FIXED
Do I need to flip any switches in about:config for this to work?
Component: Desktop → Desktop
Product: Tech Evangelism → Web Compatibility
You need to log in before you can comment on or make changes to this bug.