Closed Bug 1621476 Opened 4 years ago Closed 4 years ago

Firefox preview doesn't support Webauthn but PublicKeyCredential return true

Categories

(GeckoView :: General, enhancement, P1)

Product:
GeckoView
Component:
General
Platform:
All
Android
Type:
enhancement

Tracking

(firefox76 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: mockinaeon, Assigned: snorp)

Details

(Whiteboard: [geckoview:m76])

Attachments

(1 file, 1 obsolete file)

Bug 1621476 - Disable WebAuthn on GeckoView
47 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36

Steps to reproduce:

https://github.com/mozilla-mobile/fenix/issues/9090
Attempt to login a website using security key(webauthn) as two factor.

Actual results:

As we are implementing two factor security key using webauthn, we have tested many browser on different devices. We tried firefox preview on Android, it seems window.PublicKeyCredential is returning something but not undefined, then our app render the wrong information but not showing the popup, which is confusing.

Expected results:

show not support webauthn message based on a javascript block checking window.PublicKeyCredential which should be null/undefined.

JC do you have any thoughts about this behavior? Ideally Firefox Preview would support the UI for webauthn. Should we return false on this check for now?

Flags: needinfo?(jjones)

Fenix needs to set the preference back to false to disable this until Fenix re-adds the support for WebAuthn.

Fenix should set the prefs security.webauth.webauthn_enable_android_fido2 and security.webauth.webauthn to false.

Flags: needinfo?(jjones)

I believe GeckoView controls that as there is not a prefs API.

Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: All → Android
Hardware: Unspecified → All

We'll turn it back on once it's actually supported.

Assignee: nobody → snorp
Status: NEW → ASSIGNED
Attachment #9132580 - Attachment is obsolete: true

We'll enable it once it's actually supported.

Pushed by jwillcox@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fac88f2cec9c
Disable WebAuthn on GeckoView r=jcj
Backout by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/5fd1a87f522b
Backed out changeset fac88f2cec9c for causing failures in test_interfaces_secureContext.html
Flags: needinfo?(snorp)
Priority: -- → P1
Whiteboard: [geckoview:m76]
Pushed by jwillcox@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2f0fdfd8fc57
Disable WebAuthn on GeckoView r=jcj,smaug

https://hg.mozilla.org/mozilla-central/rev/2f0fdfd8fc57

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla76
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: