Closed Bug 1536773 Opened 1 year ago Closed 1 year ago

WebAuthn does not return userHandle back during Authentication


(Core :: DOM: Web Authentication, defect, P1)

66 Branch



Tracking Status
firefox66 --- wontfix
firefox67 + fixed
firefox68 --- fixed


(Reporter: akshay.sonu, Assigned: akshay.sonu)



(1 file)

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36

Steps to reproduce:

Create a resident key on cross-platform authenticator.
Try usernameless authentication flows.

Actual results:

Credential ID is returned. UserHandle is not.

Expected results:

Both Credential ID as well userHandle needs to be returned.

Component: Untriaged → DOM: Device Interfaces
Product: Firefox → Core

I don't believe it has to be a cross-platform authenticator - I'm fairly sure the same happens if you use the Windows Hello platform authenticator as well.

[Tracking Requested - why for this release]:
This spec-compliance issue affects the new Firefox 66 Windows Hello feature, unfortunately not found until post-release. We should try and get this fixed in beta 67 though, and maybe consider for a 66-point-release-ridealong, but it doesn't seem that critical.

Assignee: nobody → akshay.sonu
Component: DOM: Device Interfaces → DOM: Web Authentication
Ever confirmed: true
Priority: -- → P1
Pushed by
WebAuthn does not return userHandle back during Authentication r=jcj
Closed: 1 year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68

Ashkay, is your fix upliftable to beta? If it is, please request the uplift, thanks!

Flags: needinfo?(akshay.sonu)

Dana, could you help with uplifting this bug to beta or find somebody to help with the uplift while jcj is on PTO (see comment #3 for the why)? Thanks!

Flags: needinfo?(dkeeler)

Comment on attachment 9052260 [details]
Bug 1536773 - WebAuthn does not return userHandle back during Authentication

Beta/Release Uplift Approval Request

  • Feature/Bug causing the regression: webauthn for windows hello/bug 1508115
  • User impact if declined: WebAuthn won't fully work with the next Windows 10 release
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): This is a small, straightforward change.
  • String changes made/needed:
Flags: needinfo?(dkeeler)
Attachment #9052260 - Flags: approval-mozilla-beta?

Comment on attachment 9052260 [details]
Bug 1536773 - WebAuthn does not return userHandle back during Authentication

Compatibility with Windows Hello in the next Windows 10 release which is in the 67 release timeframe, low risk patch, uplift accepted for 67 beta 10. Thanks

Attachment #9052260 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Flags: needinfo?(akshay.sonu)
You need to log in before you can comment on or make changes to this bug.