Open Bug 1543674 Opened 6 years ago Updated 1 month ago

Implement CTAP2 hybrid transport

Categories

(Core :: DOM: Web Authentication, enhancement, P2)

Firefox 113
enhancement

ASSIGNED

People

(Reporter: ignisvulpis, Assigned: jschanck)

References

(Blocks 2 open bugs)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Steps to reproduce:

Implement WebAuthn cloud-based BLE extension

Currently using an Android phone as a WebAuthn authenticator is not possible with Firefox because Firefox does not implement the cloud-based WebAuthn extension which is currently still in the W3C standardization process.

Google has implemented this extension in Chrome.

Not sure what the progress of the specification is. Asked Christaan Brands to provide a link to the spec.

Link to spec and discussion in which @jcjones is involved https://github.com/w3c/webauthn/pull/909

Status: UNCONFIRMED → NEW
Type: defect → enhancement
Component: Untriaged → DOM: Web Authentication
Ever confirmed: true
Product: Firefox → Core

CABLE would be cool; it's a major undertaking, though. We'll have to tackle this one after we get the rest of CTAP2/FIDO2 support in.

Severity: normal → major
OS: Unspecified → All
Priority: -- → P4
Hardware: Unspecified → All
QA Whiteboard: qa-not-actionable

In the process of migrating remaining bugs to the new severity system, the severity for this bug cannot be automatically determined. Please retriage this bug using the new severity system.

Severity: major → --
Assignee: nobody → jschanck
Blocks: passkeys
Status: NEW → ASSIGNED
Priority: P4 → P2
Summary: Implement WebAuthn cloud-based BLE extension → Implement CTAP2 hybrid transport
Version: 67 Branch → Firefox 113

FIDO has released a first public draft of the CTAP 2.2 specification, which includes details about the hybrid transport. https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html

On Windows, the CTAP 2.2 Hybrid protocol is being implemented as a part of the OS.

While Firefox will get the ability to sign in with passkeys located on phones, the best experience for the users will be when Firefox can integrate the new webauthn.h header and its new WEBAUTHN_CTAP_TRANSPORT_HYBRID flag as a part of Firefox's WebAuthn mappings:

https://searchfox.org/mozilla-central/source/dom/webauthn/WinWebAuthnManager.cpp#342
https://searchfox.org/mozilla-central/source/dom/webauthn/WinWebAuthnManager.cpp#570

Integration into these mappings will ensure that passkeys created through Firefox will receive the proper transport tagging when the passkey is provided to the RPs.

The updated webauthn.h header containing the new fields needed for CTAP Hybrid can be found here: https://github.com/microsoft/webauthn/blob/master/webauthn.h

You can start testing some of the integrations on the Windows Dev insider channel (currently supporting up to WEBAUTHN_API_VERSION_6, with WEBAUTHN_API_VERSION_7 features coming in the nearish future): https://blogs.windows.com/windows-insider/2023/06/22/announcing-windows-11-insider-preview-build-23486/
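The transport mapping discussed in the comment above, sketched as an added example; it is not code from this bug, from Firefox, or from Microsoft. The flag values are those of Microsoft's webauthn.h, redefined locally so the file builds without the Windows SDK; the function names, the table, and the `unmapped` out-parameter are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// WEBAUTHN_CTAP_TRANSPORT_* values from webauthn.h, redefined for a stand-alone build.
constexpr uint32_t kTransportUsb      = 0x01;
constexpr uint32_t kTransportNfc      = 0x02;
constexpr uint32_t kTransportBle      = 0x04;
constexpr uint32_t kTransportInternal = 0x10;
constexpr uint32_t kTransportHybrid   = 0x20;  // WEBAUTHN_CTAP_TRANSPORT_HYBRID

struct TransportName { uint32_t flag; const char* name; };

// Hypothetical table pairing each flag with its WebAuthn transport string.
static const TransportName kTransports[] = {
    {kTransportUsb, "usb"},           {kTransportNfc, "nfc"},
    {kTransportBle, "ble"},           {kTransportInternal, "internal"},
    {kTransportHybrid, "hybrid"},
};

// Platform bitmask -> transport strings reported to the RP. Bits with no
// table entry come back in *unmapped so a caller can log them instead of
// losing them silently (the failure mode when the hybrid row is missing).
std::vector<std::string> TransportsFromMask(uint32_t mask, uint32_t* unmapped) {
  std::vector<std::string> out;
  for (const auto& t : kTransports) {
    if (mask & t.flag) {
      out.emplace_back(t.name);
      mask &= ~t.flag;
    }
  }
  if (unmapped) *unmapped = mask;
  return out;
}

// RP-supplied transport strings -> platform bitmask. Unrecognised strings are skipped.
uint32_t MaskFromTransports(const std::vector<std::string>& names) {
  uint32_t mask = 0;
  for (const auto& n : names)
    for (const auto& t : kTransports)
      if (n == t.name) mask |= t.flag;
  return mask;
}

int main() {
  uint32_t unmapped = 0;
  // Constructed sample: a credential the platform tags as internal + hybrid.
  for (const auto& s : TransportsFromMask(kTransportInternal | kTransportHybrid, &unmapped))
    std::printf("%s\n", s.c_str());
  std::printf("unmapped bits: 0x%02x\n", static_cast<unsigned>(unmapped));
  return 0;
}
```

Removing the `hybrid` row from the table makes the same call return only `internal` and report `0x20` as unmapped, which is the lost transport tagging the comment describes.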

Duplicate of this bug: 1895756