Web Authentication - Support Windows Hello (mandatory in 2019)

RESOLVED FIXED in Firefox 66

Status

enhancement
P3
normal
RESOLVED FIXED
7 months ago
2 months ago

People

(Reporter: jcj, Assigned: akshay.sonu)

Tracking

(Blocks 3 bugs)

unspecified
mozilla66
All
Windows
Points:
---

Firefox Tracking Flags

(relnote-firefox 66+, firefox-esr60- wontfix, firefox64 wontfix, firefox65 wontfix, firefox66+ fixed)

Details

(Whiteboard: [webauthn] [webauthn-interop] [webauthn-ctap2])

Attachments

(1 attachment, 3 obsolete attachments)

Reporter

Description

7 months ago
WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface. (Basically, u2f-hid-rs [1] will stop supporting Windows 10+).

Sometime this spring, Firefox 66 or 67 (and ESR 60) will need to use the Windows Hello API when available to interact with Web Authentication. Otherwise, no devices will be detected and we'll have a Windows feature regression.

The relevant API headers are provided by Microsoft as MIT-licensed files [2] as they will need to be checked into mozilla-central.


[1] https://github.com/jcjones/u2f-hid-rs/
[2] https://github.com/Microsoft/webauthn
Priority: -- → P3
Assignee

Comment 1

6 months ago
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Reporter

Comment 2

6 months ago
Thank you, Akshay!
Assignee: nobody → akshaykumarkodali
Status: NEW → ASSIGNED
Reporter

Comment 3

6 months ago
Oops, wrong user account. But seriously, thank you Akshay. Review will happen ASAP!
Assignee: akshaykumarkodali → akshay.sonu
Assignee

Comment 4

6 months ago
- Incorporated review feedback - Version 1

Depends on D15752
Assignee

Comment 5

6 months ago
Assignee

Comment 6

6 months ago
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Reporter

Updated

6 months ago
Blocks: 1518876
Attachment #9035412 - Attachment is obsolete: true
Attachment #9035392 - Attachment is obsolete: true
Reporter

Updated

5 months ago
Blocks: 1520817
Reporter

Comment 7

5 months ago

It's possible at this point that this patch won't make it into 66 before the freeze, but because of the upcoming Windows change, we still need it in 66, potentially via uplift. Marking for release tracking against 66.

Comment 9

5 months ago
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/828fe91e878b
Web Authentication - Support Windows Hello r=keeler,jcj,baku

Comment 10

5 months ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 5 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

From comment 0 it sounds like we'll want this on esr60 as well.

Depends on: 1522077
Assignee

Comment 13

5 months ago

Support Main Algorithms

Reporter

Updated

5 months ago
Blocks: 1522145
Attachment #9038527 - Attachment is obsolete: true
Reporter

Updated

4 months ago

Is this something we need to backport to ESR60? If so, it'll need a rebased patch and an uplift approval request :)

Flags: needinfo?(akshay.sonu)
Reporter

Comment 15

4 months ago

It's not a bad idea to uplift, but not until we have resolution on bug 1528097 (which I haven't investigated yet). We'd also have to uplift bug 1522077.

Flags: needinfo?(akshay.sonu)
Reporter

Updated

4 months ago
Depends on: 1528097
Reporter

Updated

4 months ago
Duplicate of this bug: 1410269

This isn't going to make the 60.6esr release. Let's circle back during the next cycle.

Reporter

Comment 18

4 months ago

Sounds good. I think the percentage of people using ESR that will move rapidly to the bleeding edge patchlevel of Windows 10 this month is going to be low.

Added a release note for 66: Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication.

Dana, Kyle, since the fix in bug 1528097 is getting uplifted to ESR 60.7, maybe we could bring this in as well along with bug 1522077. What do you think? (asking you all since jcj is out)

Flags: needinfo?(kyle)
Flags: needinfo?(dkeeler)

I wasn't on the reviews for this, so I can't really speak for the complexity of uplift here.

Flags: needinfo?(kyle)

I'm looking into this, but it's unclear exactly what all needs to be uploaded and how safe it would be.

Flags: needinfo?(dkeeler)

My analysis is that it would be difficult and risky to uplift this. These changes depend on a number of other changes (and I'm not even sure I've identified all of them), some of which landed before the great reformatting. If we're going to do this, it would need to be done by someone much more familiar with the implementation.

OK, thanks. Let's leave it for 68 ESR then.

Reporter

Updated

2 months ago
Type: defect → enhancement