Closed Bug 1508115 Opened 2 years ago Closed 1 year ago

Web Authentication - Support Windows Hello (mandatory in 2019)

Categories

(Core :: DOM: Device Interfaces, enhancement, P3)

All
Windows
enhancement

Tracking

()

RESOLVED FIXED
mozilla66
Tracking Status
relnote-firefox --- 66+
firefox-esr60 - wontfix
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 + fixed

People

(Reporter: jcj, Assigned: akshay.sonu)

References

(Blocks 3 open bugs, )

Details

(Whiteboard: [webauthn] [webauthn-interop] [webauthn-ctap2])

Attachments

(1 file, 3 obsolete files)

WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface. (Basically, u2f-hid-rs [1] will stop supporting Windows 10+).

Sometime this spring, Firefox 66 or 67 (and ESR 60) will need to use the Windows Hello API on when available to interact with Web Authentication. Otherwise, no devices will be detected and we'll have a Windows feature regression.

The relevant API headers are provided by Microsoft as MIT-licensed files [2] as they will need to be checked into mozilla-central.


[1] https://github.com/jcjones/u2f-hid-rs/
[2] https://github.com/Microsoft/webauthn
Priority: -- → P3
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Thank you, Akshay!
Assignee: nobody → akshaykumarkodali
Status: NEW → ASSIGNED
Oops, wrong user account. But seriously, thank you Akshay. Review will happen ASAP!
Assignee: akshaykumarkodali → akshay.sonu
- Incorporated review feedback - Version 1

Depends on D15752
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Attachment #9035412 - Attachment is obsolete: true
Attachment #9035392 - Attachment is obsolete: true

It's possible at this point that this patch won't make it into 66 before the freeze, but because of the upcoming Windows change, we still need it in 66, potentially via uplift. Marking for release tracking against 66.

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/828fe91e878b
Web Authentication - Support Windows Hello r=keeler,jcj,baku
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

From comment 0 it sounds like we'll want this on esr60 as well.

Depends on: 1522077

Support Main Algorithms

Attachment #9038527 - Attachment is obsolete: true

Is this something we need to backport to ESR60? If so, it'll need a rebased patch and an uplift approval request :)

Flags: needinfo?(akshay.sonu)

It's not a bad idea to uplift, but not until we have resolution on bug 1528097 (which I haven't investigated yet). We'd also have to uplift bug 1522077.

Flags: needinfo?(akshay.sonu)

This isn't going to make the 60.6esr release. Let's circle back during the next cycle.

Sounds good. I think the percentage of people using ESR that will move rapidly to the bleeding edge patchlevel of Windows 10 this month is going to be low.

Added a release note for 66: Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication.

Dana, Kyle, since the fix in bug 1528097 is getting uplifted to ESR 60.7, maybe we could bring this in as well along with bug 1522077. What do you think? (asking you all since jcj is out)

Flags: needinfo?(kyle)
Flags: needinfo?(dkeeler)

I wasn't on the reviews for this, so I can't really speak for the complexity of uplift here.

Flags: needinfo?(kyle)

I'm looking in to this, but it's unclear exactly what all needs to be uploaded and how safe it would be.

Flags: needinfo?(dkeeler)

My analysis is that it would be difficult and risky to uplift this. These changes depend on a number of other changes (and I'm not even sure I've identified all of them), some of which landed before the great reformatting. If we're going to do this, it would need to be done by someone much more familiar with the implementation.

Type: defect → enhancement
You need to log in before you can comment on or make changes to this bug.