Web Authentication - Support Windows Hello (mandatory in 2019)
Categories
(Core :: DOM: Device Interfaces, enhancement, P3)
Tracking
()
People
(Reporter: jcj, Assigned: akshay.sonu)
References
(Blocks 3 open bugs, )
Details
(Whiteboard: [webauthn] [webauthn-interop] [webauthn-ctap2])
Attachments
(1 file, 3 obsolete files)
WebAuthn no longer works on Windows Insider builds, as compatible security keys are no longer available via the USB HID interface. (Basically, u2f-hid-rs [1] will stop supporting Windows 10+). Sometime this spring, Firefox 66 or 67 (and ESR 60) will need to use the Windows Hello API on when available to interact with Web Authentication. Otherwise, no devices will be detected and we'll have a Windows feature regression. The relevant API headers are provided by Microsoft as MIT-licensed files [2] as they will need to be checked into mozilla-central. [1] https://github.com/jcjones/u2f-hid-rs/ [2] https://github.com/Microsoft/webauthn
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Reporter | ||
Comment 2•5 years ago
|
||
Thank you, Akshay!
Reporter | ||
Comment 3•5 years ago
|
||
Oops, wrong user account. But seriously, thank you Akshay. Review will happen ASAP!
Assignee | ||
Comment 4•5 years ago
|
||
- Incorporated review feedback - Version 1 Depends on D15752
Assignee | ||
Comment 5•5 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=1518876 tracks Window Handle issue.
Assignee | ||
Comment 6•5 years ago
|
||
This change adopts Windows Win32 WebAuthN APIs from https://github.com/Microsoft/webauthn
Updated•5 years ago
|
Updated•5 years ago
|
Reporter | ||
Comment 7•4 years ago
|
||
It's possible at this point that this patch won't make it into 66 before the freeze, but because of the upcoming Windows change, we still need it in 66, potentially via uplift. Marking for release tracking against 66.
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/828fe91e878b Web Authentication - Support Windows Hello r=keeler,jcj,baku
Comment 10•4 years ago
|
||
bugherder |
Comment 11•4 years ago
|
||
From comment 0 it sounds like we'll want this on esr60 as well.
Comment 12•4 years ago
|
||
https://hg.mozilla.org/projects/cedar/rev/828fe91e878b700d0135adb3f45a9554694e4498 Bug 1508115 - Web Authentication - Support Windows Hello r=keeler,jcj,baku
Updated•4 years ago
|
Assignee | ||
Comment 13•4 years ago
|
||
Support Main Algorithms
Updated•4 years ago
|
Reporter | ||
Updated•4 years ago
|
Comment 14•4 years ago
|
||
Is this something we need to backport to ESR60? If so, it'll need a rebased patch and an uplift approval request :)
Reporter | ||
Comment 15•4 years ago
|
||
It's not a bad idea to uplift, but not until we have resolution on bug 1528097 (which I haven't investigated yet). We'd also have to uplift bug 1522077.
Comment 17•4 years ago
|
||
This isn't going to make the 60.6esr release. Let's circle back during the next cycle.
Reporter | ||
Comment 18•4 years ago
|
||
Sounds good. I think the percentage of people using ESR that will move rapidly to the bleeding edge patchlevel of Windows 10 this month is going to be low.
Added a release note for 66: Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication.
Dana, Kyle, since the fix in bug 1528097 is getting uplifted to ESR 60.7, maybe we could bring this in as well along with bug 1522077. What do you think? (asking you all since jcj is out)
Comment 21•4 years ago
|
||
I wasn't on the reviews for this, so I can't really speak for the complexity of uplift here.
I'm looking in to this, but it's unclear exactly what all needs to be uploaded and how safe it would be.
My analysis is that it would be difficult and risky to uplift this. These changes depend on a number of other changes (and I'm not even sure I've identified all of them), some of which landed before the great reformatting. If we're going to do this, it would need to be done by someone much more familiar with the implementation.
OK, thanks. Let's leave it for 68 ESR then.
Reporter | ||
Updated•4 years ago
|
Description
•