Support HmacSecret webauthn extension for all desktop platforms
Categories
(Core :: DOM: Web Authentication, enhancement, P3)
Tracking
()
People
(Reporter: nicolas, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
Go to https://webauthntest.azurewebsites.net/ and select extension during MakeCredential
Actual results:
No extension available for Firefox 70
Expected results:
According to https://bugzilla.mozilla.org/show_bug.cgi?id=1551594 , WebAuthn HmacSecret extension is available only for Windows 10 Hello support
Is it possible to use Webauthn extension HmacSecret in the javascript API? https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#sctn-hmac-secret-extension
|
||
Updated•5 years ago
|
|
||
Comment 1•5 years ago
|
||
That extension requires CTAP2, and we only support CTAP2 right now via Windows Hello and on Android. (Android doesn't currently support that extension).
We'll keep this bug on-file to implement the extension support in CTAP2.
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
||
Comment 2•11 months ago
|
||
I think hmacSecret is now supported everywhere?
|
||
Comment 3•11 months ago
|
||
It doesn't really make sense to use hmacSecret on platforms other than Windows. This can be closed in favor of the PRF extension (Bug 1863819) that was introduced in WebAuthn level 3.
Description
•