1671988 - Attaching an ActivityDelegate to the Engine assumes we have WebAuthn support

Status: NEW

(GeckoView :: General, defect, P3)

Description

[Jonathan Almeida [:jonalmeida]]

When we attach the ActivityDelegate to the GeckoView runtime, websites assume we have support for WebAuthn.

You can see this with GVE and AC's Sample Browser by going to Github and attempting to sign-in - we can see that we are prompted to setup a security key but without the full API support the call will fail.

On a related note, could the ActivityDelegate be added to the GeckoView instance instead where we have a reference to a fragment/activity? I can also file a separate issue for this discussion.

Comment 1

[James Willcox (:snorp) (jwillcox@mozilla.com) (he/him)]

(In reply to Jonathan Almeida [:jonalmeida] from comment #0)

When we attach the ActivityDelegate to the GeckoView runtime, websites assume we have support for WebAuthn.

Yeah, I think that's mostly ok? In practice this will only be wrong if Fenix is on a phone without Google Play Services, which will not be a lot of devices.

You can see this with GVE and AC's Sample Browser by going to Github and attempting to sign-in - we can see that we are prompted to setup a security key but without the full API support the call will fail.

What do you mean "full API" support? You've implemented the delegate, but are always returning a failed GeckoResult?

On a related note, could the ActivityDelegate be added to the GeckoView instance instead where we have a reference to a fragment/activity? I can also file a separate issue for this discussion.

It's possible, but it's not really in line with how Web Authn works in Gecko right now, so we punted on that in order to get things going sooner.

Comment 2

[Jonathan Almeida [:jonalmeida]]

(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) (he/him) from comment #1)

(In reply to Jonathan Almeida [:jonalmeida] from comment #0)

When we attach the ActivityDelegate to the GeckoView runtime, websites assume we have support for WebAuthn.

Yeah, I think that's mostly ok? In practice this will only be wrong if Fenix is on a phone without Google Play Services, which will not be a lot of devices.

Wouldn't this be wrong if this a generic ActivityDelegate used for other features instead of a WebAuthn specific delegate? Maybe we should rename this to be a WebAuthnDelegate instead?

What do you mean "full API" support? You've implemented the delegate, but are always returning a failed GeckoResult?

Ah, I meant we've added the delegate but we do not have the Play Services library to complete the GeckoResult. Thinking about it again, it probably makes sense to not have the delegate set if we don't have the feature implemented.

On a related note, could the ActivityDelegate be added to the GeckoView instance instead where we have a reference to a fragment/activity? I can also file a separate issue for this discussion.

It's possible, but it's not really in line with how Web Authn works in Gecko right now, so we punted on that in order to get things going sooner.

The API can be a bit awkward when the runtime is part of the app lifecycle instead of the activity lifecycle, so we have to ensure we have one activity for the same runtime to receive the events or make every activity return the result back to the runtime.