Closed Bug 1814487 (enable-ctap2) Opened 2 years ago Closed 2 years ago

Let CTAP2 support ride the trains

Categories

(Core :: DOM: Web Authentication, task, P2)

Product:
Core
Component:
DOM: Web Authentication
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
112 Branch
Tracking Flags:
Tracking Status
relnote-firefox --- 114+
firefox112 --- disabled
firefox113 --- disabled
firefox114 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 2 open bugs)

Details

(Keywords: dev-doc-complete)

Attachments

(3 files)

Bug 1814487 - Enable CTAP2 support. r=dveditz
48 bytes, text/x-phabricator-request
Details | Review
Bug 1814487 - Pause rollout of CTAP2 support in 113. r=dveditz
48 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review
Bug 1814487 - Pause rollout of CTAP2 support in 112. r=dveditz
48 bytes, text/x-phabricator-request
diannaS
: approval-mozilla-beta+
Details | Review

We have a number of bugs that can be marked as fixed once security.webauthn.ctap2 = true is the default. I'm going to link them here for tracking.

Depends on: 1814722
Depends on: 1814983
No longer depends on: 1814983
Depends on: 1816500
Blocks: 1817040
Depends on: 1817458

Should this bug depend on Bug 1803832 also?

Type: enhancement → task
Flags: needinfo?(jschanck)

No, but we can remove PublicKeyCredential::IsExternalCTAP2SecurityKeySupported once we have CTAP2 support on all platforms. I'll file a bug and make this one block it.

Flags: needinfo?(jschanck)
Blocks: 1819713

https://hg.mozilla.org/mozilla-central/rev/5d01d24be048

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox112: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 112 Branch
Keywords: dev-doc-needed

John can you check if this needs a release note, thanks?

Flags: needinfo?(jschanck)

Release Note Request (optional, but appreciated)
[Why is this notable]: This adds support for USB security keys that use version 2 of the FIDO Client to Authenticator Protocol. The new implementation also handles version 1 of the protocol through a backwards compatibility layer. Users will find that some sites provide them with new authentication options, such as a fully passwordless login using a public key credential stored on their security key. Obviously we were not able to test with every make and model of security key, so we might get reports of broken U2F flows from users with older or unusual models.
[Affects Firefox for Android]: No
[Suggested wording]: Users on macOS, Linux, and Windows 7 can now use FIDO2 / WebAuthn authenticators over USB. Some advanced features, such as fully passwordless logins, require a PIN to be set on the authenticator.
[Links (documentation, blog post, etc)]:

relnote-firefox: --- → ?
Flags: needinfo?(jschanck)

lgtm, Relnote for beta 112 is now available at https://www.mozilla.org/en-US/firefox/112.0beta/releasenotes/

FF112 MDN documentation can be tracked here https://github.com/mdn/content/issues/25361

Does this have any "normal" website developer facing impact?
MDN mostly documents the things that people writing websites can do. A developer will want to be able to authenticate their site using this feature, but do they have to do anything to make this possible - or is it something that the browser handles? If this is something in WebDriver then I'm not sure who owns it.

Would appreciate your advice on what docs (say Web_Authentication_API would be touched by this.

Flags: needinfo?(jschanck)

I don't think we need to update the MDN documentation for CTAP2. We'll be adding more web developer-facing WebAuthn features that depend on CTAP2 through Bug 1765549 and Bug 1802863. We can update the documentation as those changes are made.

Flags: needinfo?(jschanck)

:diannaS, can you remove the reference to Windows 7 from the release note? It looks like this is not working on Windows 7 and we won't fix it for 112.

Flags: needinfo?(dsmith)

Sure, it will take a few minutes to take effect.
I updated both the nightly release notes as well as the beta release notes

Flags: needinfo?(dsmith)

Comment on attachment 9325509 [details]
Bug 1814487 - Pause rollout of CTAP2 support in 113. r=dveditz

Beta/Release Uplift Approval Request

  • User impact if declined: We have reports that there are some problems with this feature on Windows 7 and FreeBSD. We also have reports of problems with some older security tokens, e.g. Yubikey 4 series.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): No risk, this just prevents a feature from rolling to release.
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9325509 - Flags: approval-mozilla-beta?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

The patch I tagged for beta uplift does not apply cleanly, so I've attached a patch on beta as well.

Comment on attachment 9325512 [details]
Bug 1814487 - Pause rollout of CTAP2 support in 112. r=dveditz

Approved for 112.0b8

Attachment #9325512 - Flags: approval-mozilla-beta+
Attachment #9325509 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Regressions: 1824811

Thanks for your help, Dianna. We'll need to remove the release note as well.

Flags: needinfo?(dsmith)

I removed it from the main notes that will go out for 112. Did you want me to remove them from beta as well?

Flags: needinfo?(dsmith)

Thanks! Yes, probably best to remove the note from beta, as the pref is only enabled in early beta.

I see that the patch to put this back to early beta only landed for 112, not on m-c for 113+. Are we still planning to let this ride to Release for Fx113?

status-firefox113: fixedaffected
Flags: needinfo?(jschanck)
Regressions: 1824066
Alias: enable-ctap2
Regressions: 1823861

I'm going to receive a Yubico 4 series device in the next few days to confirm our fix for Bug 1824811. But my sense is that this is ready to ride to release in 113.

Status: REOPENED → RESOLVED
Closed: 2 years ago2 years ago
Flags: needinfo?(jschanck)
Resolution: --- → FIXED

Thanks, tagging the relnote to ride the 113 train to beta next week too.

status-firefox113: affectedfixed
relnote-firefox: ?113+
Attachment #9325509 - Attachment description: Bug 1814487 - Pause rollout of CTAP2 support. r=dveditz → Bug 1814487 - Pause rollout of CTAP2 support in 113. r=dveditz
Attachment #9325509 - Flags: approval-mozilla-beta-

Comment on attachment 9325509 [details]
Bug 1814487 - Pause rollout of CTAP2 support in 113. r=dveditz

Beta/Release Uplift Approval Request

  • User impact if declined: The CTAP2 feature will ride to release before it's ready.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky):
  • String changes made/needed:
  • Is Android affected?: No
Attachment #9325509 - Flags: approval-mozilla-beta?

Comment on attachment 9325509 [details]
Bug 1814487 - Pause rollout of CTAP2 support in 113. r=dveditz

Approved for 113.0b8.

Attachment #9325509 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Regressions: 1829490

Note added back to 114 beta notes

(In reply to Pascal Chevrel:pascalc from comment #28)

Note added back to 114 beta notes

Thank you!

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: