Open Bug 1859367 Opened 7 months ago Updated 4 months ago

handle internal transport in macOS webauthn implementation

Categories

(Core :: DOM: Web Authentication, task)

People

(Reporter: keeler, Unassigned)

Bug 1853230 added a macOS implementation of webauthn using platform APIs. The function TransportsByteToTransportsArray translates from a byte describing some transports to an array of those transports using the platform definitions. Unfortunately, the platform doesn't have a definition for "internal" transport. When it does, that function should handle it.

Blocks: 1853230
See Also: → 1878397

Any updates here? Since the release of Firefox 122, users have encountered a new popup for the WebAuthn challenge, and a critical functionality related to the transport is currently malfunctioning.

This user experience presents a significant inconvenience as users are currently required to interact with the security key twice. First, users need to press the security key to confirm its presence, and secondly, to authenticate with the challenge response. Additionally, if User Verification (UV) is enabled on the key, the flow becomes touch the key, enter the PIN, and then press the key again. This redundancy not only disrupts the fluidity of the authentication process but leads to user frustration and confusion due to the additional steps involved, especially when the user only registered a security key, not a passkey.

GitHub issue: https://github.com/mozilla/authenticator-rs/issues/330.

What behavior do you see in Safari?

Flags: needinfo?(drew.dani)

In Safari, U2F and FIDO2 keys work without showing the option of passkey when the USB transport is provided in WebAuthn.

Following the U2F->WebAuthn migration guide recommended by Yubico, there are a few possible scenarios for WebAuthn authentication in Safari. Providing the appId extension in Safari lets the authenticator know that the authentication is using a security key.

  1. U2F security key: shows the USB authenticator screenshot since U2F security keys are not able to store passkeys.
  2. FIDO2: shows the USB authenticator and if UV is enabled, the user can enter the security key PIN.

In Firefox, even with the USB transport, the default option is Passkey on a mobile device.

Steps to reproduce in FF122.0+:

  1. Open Firefox 122.
  2. Go to https://webauthn.me/debugger.
  3. Scroll down and Click the "Register" button.
  4. Select the "Security key" option and press continue.
  5. Touch the security key to register it with WebAuthn.
  6. Scroll down and click the Authenticate button.
  7. In the navigator.credentials.get API, check the "allowCredentials" "transports" and "USB".
  8. Click Authenticate and observe that the sign in options present iPhone, iPad, or Android device as the default, followed by the security key 1. second. Note the manual selection requirement for the USB authenticator.
Flags: needinfo?(drew.dani)
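The request built in step 7 of the reproduction steps, as an added example that is not part of the original bug comments or of Firefox's code: it constructs the `navigator.credentials.get()` options with a `usb` transport hint and the `appid` extension, and checks whether the hints name only roaming transports. The stored record, the function names and the `https://example.test/app-id.json` value are assumptions made for illustration.

```javascript
// Added example. Transport names are the WebAuthn AuthenticatorTransport values.
const KNOWN_TRANSPORTS = new Set(["usb", "nfc", "ble", "internal", "hybrid"]);
const ROAMING_TRANSPORTS = new Set(["usb", "nfc", "ble"]);

// Credential IDs are usually stored as unpadded base64url; the API wants bytes.
function base64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Build the argument for navigator.credentials.get().
// `stored` is a hypothetical relying-party record: { credentialId, transports }.
function buildGetOptions(challenge, stored, opts = {}) {
  const { appId, userVerification = "discouraged" } = opts;
  // This example drops transport strings it does not recognise (its own choice).
  const transports = (stored.transports || []).filter((t) =>
    KNOWN_TRANSPORTS.has(t)
  );
  const descriptor = {
    type: "public-key",
    id: base64urlToBytes(stored.credentialId),
  };
  if (transports.length > 0) descriptor.transports = transports;

  const publicKey = {
    challenge,
    allowCredentials: [descriptor],
    userVerification,
    timeout: 60000,
  };
  // The appid extension lets credentials registered through U2F be asserted.
  if (appId) publicKey.extensions = { appid: appId };
  return { publicKey };
}

// True when every allowed credential carries hints and none of them is
// "internal" or "hybrid": the case the comments above describe, where the
// relying party has hinted at a plugged-in or tapped security key only.
function hintsRoamingOnly(options) {
  const creds = options.publicKey.allowCredentials || [];
  return (
    creds.length > 0 &&
    creds.every(
      (c) =>
        Array.isArray(c.transports) &&
        c.transports.length > 0 &&
        c.transports.every((t) => ROAMING_TRANSPORTS.has(t))
    )
  );
}
```

In a page, the result of `buildGetOptions` is passed directly to `navigator.credentials.get()`; a credential stored without transports makes `hintsRoamingOnly` return false, because the browser then has no hint to act on.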