1419298 - Support U2F multi-faced App IDs

Status: RESOLVED DUPLICATE of bug 1244959

(Core :: DOM: Device Interfaces, enhancement)

Description

[Alexander Birkner]

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

Steps to reproduce:

1. I've enabled the U2F support in about:config.
2. Tested the U2F Support here https://demo.yubico.com/u2f which works fine
3. Tested U2F Support on my companies website, doesn't work


Actual results:

Otherwise then the Yubico website our websites using a U2F multi-faced APP Id which is described here: https://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-appid-and-facets-ps-20141009.html#appid-example-1 and here https://developers.yubico.com/U2F/App_ID.html

I've took a look into the developer console on Firefox and there is no HTTP Request coming to our JSON list with allowed URLs. As result the U2F Key doesn't start blinking and there is no login possible. Which worked fine with Firefox 56 and the U2F Plugin.


Expected results:

Able to Login with a U2F multi-faced App ID on Firefox 57.

Comment 1

[J.C. Jones [:jcj] (he/him)]

I'll happily take patches to implement this fully, but unfortunately it's complicated to implement. Since we're not planing to ship U2F by default, I'm not intending to spend the time to do the refactoring necessary to Gecko to build this thorny part of the specification. Instead in Bug 1244959 I implemented a variation on the W3C Web Authentication code to handle the FacetID / AppID relaxation, instead of doing the external CORS-followed-by-fetch. 

(Note that W3C Web Authentication is about to declare a Candidate Recommendation; that's what we'll ship by default in one of the next several releases.)