Closed Bug 1508115 Opened 5 years ago Closed 4 years ago

Web Authentication - Support Windows Hello (mandatory in 2019)

Categories

(Core :: DOM: Device Interfaces, enhancement, P3)

Product:
Core
Component:
DOM: Device Interfaces
Platform:
All
Windows
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
relnote-firefox --- 66+
firefox-esr60 - wontfix
firefox64 --- wontfix
firefox65 --- wontfix
firefox66 + fixed

People

(Reporter: jcj, Assigned: akshay.sonu)

References

(Blocks 3 open bugs,
URL
)

Details

(Whiteboard: [webauthn] [webauthn-interop] [webauthn-ctap2])

Attachments

(1 file, 3 obsolete files)

Bug 1508115 - Web Authentication - Support Windows Hello
47 bytes, text/x-phabricator-request
Details | Review 
WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface. (Basically, u2f-hid-rs [1] will stop supporting Windows 10+).

Sometime this spring, Firefox 66 or 67 (and ESR 60) will need to use the Windows Hello API on when available to interact with Web Authentication. Otherwise, no devices will be detected and we'll have a Windows feature regression.

The relevant API headers are provided by Microsoft as MIT-licensed files [2] as they will need to be checked into mozilla-central.


[1] https://github.com/jcjones/u2f-hid-rs/
[2] https://github.com/Microsoft/webauthn
Priority: -- → P3
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Thank you, Akshay!
Assignee: nobody → akshaykumarkodali
Status: NEW → ASSIGNED
Oops, wrong user account. But seriously, thank you Akshay. Review will happen ASAP!
Assignee: akshaykumarkodali → akshay.sonu
- Incorporated review feedback - Version 1

Depends on D15752

https://bugzilla.mozilla.org/show_bug.cgi?id=1518876 tracks Window Handle issue.

This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Blocks: 1518876
Attachment #9035412 - Attachment is obsolete: true
Attachment #9035392 - Attachment is obsolete: true
Blocks: 1520817

It's possible at this point that this patch won't make it into 66 before the freeze, but because of the upcoming Windows change, we still need it in 66, potentially via uplift. Marking for release tracking against 66.

status-firefox66: --- → affected
tracking-firefox66: --- → ?
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/828fe91e878b
Web Authentication - Support Windows Hello r=keeler,jcj,baku

https://hg.mozilla.org/mozilla-central/rev/828fe91e878b

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox66: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66

From comment 0 it sounds like we'll want this on esr60 as well.

status-firefox-esr60: --- → affected
tracking-firefox66: ?+
tracking-firefox-esr60: --- → ?
Depends on: 1522077

Support Main Algorithms

Blocks: 1522145
Attachment #9038527 - Attachment is obsolete: true
Blocks: webauthn-ctap2

Is this something we need to backport to ESR60? If so, it'll need a rebased patch and an uplift approval request :)

Flags: needinfo?(akshay.sonu)

It's not a bad idea to uplift, but not until we have resolution on bug 1528097 (which I haven't investigated yet). We'd also have to uplift bug 1522077.

Flags: needinfo?(akshay.sonu)
Depends on: 1528097

This isn't going to make the 60.6esr release. Let's circle back during the next cycle.

tracking-firefox-esr60: 66+67+

Sounds good. I think the percentage of people using ESR that will move rapidly to the bleeding edge patchlevel of Windows 10 this month is going to be low.

Added a release note for 66: Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication.

relnote-firefox: --- → 66+

Dana, Kyle, since the fix in bug 1528097 is getting uplifted to ESR 60.7, maybe we could bring this in as well along with bug 1522077. What do you think? (asking you all since jcj is out)

Flags: needinfo?(kyle)
Flags: needinfo?(dkeeler)

I wasn't on the reviews for this, so I can't really speak for the complexity of uplift here.

Flags: needinfo?(kyle)

I'm looking in to this, but it's unclear exactly what all needs to be uploaded and how safe it would be.

Flags: needinfo?(dkeeler)

My analysis is that it would be difficult and risky to uplift this. These changes depend on a number of other changes (and I'm not even sure I've identified all of them), some of which landed before the great reformatting. If we're going to do this, it would need to be done by someone much more familiar with the implementation.

Type: defect → enhancement
You need to log in before you can comment on or make changes to this bug.