Open Bug 1422516 Opened 8 years ago Updated 2 years ago

Fingerprint reader support

Categories

(Core :: DOM: Device Interfaces, enhancement, P5)

Product:
Core
Component:
DOM: Device Interfaces
Version:
57 Branch
Type:
enhancement

Tracking

()

People

(Reporter: u397327, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Build ID: 20171128222554 Steps to reproduce: Hello, at the past I had LastPass binary component, that allow the lastpass extension to use my fingerprint reader. But after updating to Firefox 57 and WE version of the extension this is stopped to work. Anyway I changed Lastpass for another password manager, but main issue is the same: I must enter my master password manually. It will be nice, to have some API for developers that allow them to use fingerprint readers. Fingerprint readers are usual component of notebooks and phones, so not only expensive machines have them. Maybe Microsoft have some API to let applications to use Windows Hello of Windows 10.
Component: Untriaged → WebExtensions: Untriaged
Product: Firefox → Toolkit
It seems very unlikely that we would add a specific webextension API for this, I would suggest looking at native messaging: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Native_messaging
Whiteboard: design-decision-needed
I don't see what API we'd add for this, I feel like its up to last password to add in support for that in their nativeMessaging component. Andrew is there something that you feel we'd get out of this in a design-decision meeting?
Whiteboard: design-decision-needed → [design-decision-needed]
(In reply to Andy McKay [:andym] from comment #2) > I don't see what API we'd add for this, I feel like its up to last password > to add in support for that in their nativeMessaging component. Andrew is > there something that you feel we'd get out of this in a design-decision > meeting? The request was for a built-in API for fingerprint readers. I agree that an extension could do this with native messaging (though note that the reporter specifically says they are not using lastpass, though they don't say which password manager they are using). If you don't think the tradeoff between supporting a built-in API versus using native messaging is worth discussing then this can just be closed.
I don't think its something we'd be adding to WebExtensions since its highly dependent on a particular hardware use case. In Firefox 57 support for U2F security keys was added and WebExtension support for that might make sense. This is one of those bugs where the real request is to add in support in Firefox for something. If that happens we could add in a WebExtension API for it later on. So I'm going to bounce it over to Core: DOM: Device Interfaces. They'll probably tell me that its the wrong place though :)
Component: WebExtensions: Untriaged → DOM: Device Interfaces
Product: Toolkit → Core
Whiteboard: [design-decision-needed]
This is a fine component but I'm going to mark it as P5 since we have no plans to work on this. Maybe JC has plans, though?
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(jjones)
Priority: -- → P5
This kind of symmetric authentication is something that would be a nice follow-on to Web Authentication, but is not in the level-1 spec, which is focused on using public key cryptography from (yet to be released) fingerprint readers. Something like LastPass would want to do symmetric key cryptography (secret storage, really) based on the reader, which is currently out-of-scope for that spec. One of either Web Authentication or Credential Management are probably the correct W3 specs for such functionality though.
Flags: needinfo?(jjones)
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.