Support HmacSecret webauthn extension
Categories: Core :: DOM: Web Authentication, enhancement, P1
People: Reporter: akshay.sonu, Assigned: jcj
Details: Whiteboard: qa-69b-p2
Attachments: 1 file (47 bytes, text/x-phabricator-request), RyanVM: approval-mozilla-esr68+
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3789.0 Safari/537.36 Edg/76.0.158.0
Steps to reproduce:
Go to https://webauthntest.azurewebsites.net/ and select extension during MakeCredential
Actual results:
Firefox webauthn implementation doesn't support MakeCredential CredProtect and Hmac-secret extensions. These are supported by Chrome/Edge.
Expected results:
Firefox webauthn implementation should support common extensions by other browsers for maximum compatibility.
Comment 2•6 years ago (Assignee)
[Tracking Requested - why for this release]:
We'll want this in ESR68 for broad WebAuthn compatibility.
Comment 5•6 years ago (Assignee)
Taking this on next week
Comment 6•6 years ago
[Tracking Requested - why for this release]: see comment 2
Comment 8•6 years ago (bugherder)
Comment 9•6 years ago (Assignee)
Release Note Request (optional, but appreciated)
[Why is this notable]: New extension webdevs can support when targeting CTAP2.
[Affects Firefox for Android]: No, only Windows 10 2019-04 or later.
[Suggested wording]: Added support for the Web Authentication HmacSecret extension via Windows Hello.
[Links (documentation, blog post, etc)]: Not planning one, but https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#sctn-hmac-secret-extension covers the extension
Comment 11•6 years ago (Assignee)
Akshay,
Can you have your team verify this functionality for Firefox 69 (Beta)?
Comment 12•6 years ago
Do we need to do something for 68.1esr here still?
Comment 13•6 years ago (Assignee)
Comment on attachment 9064801 [details]
Bug 1551594 - Support HmacSecret webauthn extension
ESR Uplift Approval Request
- If this is not a sec:{high,crit} bug, please state case for ESR consideration: This patch provides support for using Windows Hello (via WebAuthn) to log into Azure Active Directory enterprise domains, which is almost entirely an ESR population. It keeps Firefox in-sync with Edge for these users.
- User impact if declined: No AAD WebAuthn support until next ESR.
- Fix Landed on Version: 69
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): It's very contained, only to Windows via Hello. However, it has no meaningful automated tests, though I tested the feature via https://webauthntest.azurewebsites.net/ with success.
- String or UUID changes made by this patch: None
Comment 14•6 years ago (Assignee)
Note: D31093 grafts cleanly to esr68. Thanks for the ping, Ryan.
Comment 15•6 years ago
Comment on attachment 9064801 [details]
Bug 1551594 - Support HmacSecret webauthn extension
Improves Edge feature parity in enterprise environments. Approved for 68.1esr.
Comment 16•6 years ago (bugherder uplift)
Comment 17•6 years ago (Assignee)
Akshay confirmed this works great.