Closed Bug 1505106 Opened 2 years ago Closed 2 years ago

Implement ReauthenticateUser method for TouchID-enabled MacOS devices

Categories

(Core :: Security: PSM, enhancement, P1)

All
macOS
enhancement

Tracking

()

RESOLVED FIXED
mozilla65
Tracking Status
firefox65 --- fixed

People

(Reporter: MattN, Assigned: jcj)

References

Details

(Whiteboard: [webpayments-reserve])

Attachments

(1 file)

The intention was to support TouchID but from testing by coworkers it seems like only a password is supported.
Priority: -- → P3
Correct, only a password is supported. We'll need to write a separate implementation feature-gated on TouchID to get that support, as it's a separate API.

This will appear as another method in OSReauthenticator.cpp [1] that gets called if XP_MACOSX and we detect TouchID at runtime.

[1] https://searchfox.org/mozilla-central/rev/6e0e603f4852b8e571e5b8ae133e772b18b6016e/security/manager/ssl/OSReauthenticator.cpp#266
Severity: normal → enhancement
Summary: asyncReauthenticateUser doesn't support TouchID on macOS → Implement ReauthenticateUser method for TouchID-enabled MacOS devices
Taking this.
Assignee: nobody → jjones
Status: NEW → ASSIGNED
Priority: P3 → P1
In Bug 1499846 we added support for OSX to do Keychain-based reauthentication.
On newer versions of OSX, it's possible to instead do TouchID/FaceID for bio-
metric reauthentication, with a fallback to Keychain.

This implements that functionality. There's no C++ interface to access the
LocalAuthentication framework, so it adds an Objective-C method called by the
existing OSReauthenticator methods to perform its work.
Flags: qe-verify+
QA Contact: hani.yacoub
Attachment #9024587 - Attachment description: Bug 1505106 - Support TouchID/FaceID for Reauthentication r?keeler → Bug 1505106 - Support TouchID/FaceID for Reauthentication r?spohl
Pushed by jjones@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2b2777f72b09
Support TouchID/FaceID for Reauthentication r=spohl
https://hg.mozilla.org/mozilla-central/rev/2b2777f72b09
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla65
I am not sure how to verify bugs with Touch ID, we don't have any MacBook with Touch ID.
I suppose one could verify no regressions w/o Touch ID. Otherwise I'd guess we need to accept no QA verification and leave that up to Web Payments if that is OK.

MattN: Thoughts?
Flags: needinfo?(MattN+bmo)
I think it's fine to rely on J.C.'s testing and bug reports for this.
Flags: needinfo?(MattN+bmo)

Removing the qe-verify flag, based on the previous comments.

Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.