Open Bug 1854568 Opened 9 months ago Updated 7 months ago

Add support for the "webauthn:virtualAuthenticators" capability

Categories

(Remote Protocol :: Marionette, defect, P2)

Product:
Remote Protocol
Component:
Marionette
Type:
defect
Points:
3

Tracking

(Not tracked)

People

(Reporter: whimboo, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [webdriver:backlog])

Attachments

(1 file, 1 obsolete file)

Bug 1854568 - Add capability "webauthn:virtualAuthenticators" into WebDriver classic's new session capabilities r?whimboo
48 bytes, text/x-phabricator-request
Details | Review

The Web Authentication specification defines a webauthn:virtualAuthenticators boolean capability which indicates whether the endpoint node supports all Virtual Authenticators commands.

Currently we do not set this capability for the new session command for WebDriver classic, which was basically missed on bug 1846574.

I wonder if geckodriver should be updated to set this capability to false for older versions of Firefox.

Attached patch webauthn_capabilities.patch (obsolete) — Splinter Review

Patch provided

Assignee: nobody → ddick

David, can you please use Phabricator to submit your patch? We are no longer handling reviews for patches as attachments. Please see the documentation for details. Thanks!

The severity field is not set for this bug.
:whimboo, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(hskupin)
Attachment #9354519 - Attachment is obsolete: true
Flags: needinfo?(hskupin)
Blocks: 1858150

Hi David, I wanted to ask if you are interested to continue working on this bug to get this capability added. I'm happy to mentor you. Thanks.

Flags: needinfo?(ddick)
Summary: Capability "webauthn:virtualAuthenticators" isn't returned within WebDriver classic's new session capabilities → Add support for the "webauthn:virtualAuthenticators" capability
Whiteboard: [webdriver:backlog]
Assignee: ddick → nobody
Severity: -- → S3
Points: --- → 3
Flags: needinfo?(ddick)
Priority: -- → P2

I actually had a look at the required implementation again and noticed that we actually do not validate capabilities in Marionette but only geckodriver. So the proposed patch is fine for setting the default, but fails when the capability is passed in with a false value. Then in the returned session capabilities the webauthn:virtualAuthenticators's value is also set to false even through we support all virtual authenticators. It means that in the fromJSON() method we can only make sure that the type is correct.

Beside that I noticed that we have quite a few other authenticator extension capabilities set set as well. While webauthn:extension:uvm and webauthn:extension:largeBlob can be found in the WebAuthentication specification, there is no mentioning for webauthn:extension:prf and webauthn:extension:credBlob.

Dana, do you know why you've added those two extra capabilities?

Flags: needinfo?(dkeeler)

Here's the prf extension: https://w3c.github.io/webauthn/#prf-extension
Here's the credBlob extension: https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-credBlob-extension
The capabilities were included in the original patch I adapted from a contributor in bug 1676679.

Flags: needinfo?(dkeeler)

Oh, that's based on the editors draft of level 3. These capabilities cannot be found in the W3C hosted spec, which I was referring to. So if we support that new webauthn extensions then I'm fine. Thanks!

Flags: needinfo?(dkeeler)

We don't support them yet. I believe we intend to support prf (see bug 1863819), but not credBlob or largeBlob. I guess those capabilities can be removed?

Flags: needinfo?(dkeeler)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: