Summary: | [WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged" | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Jiewen Tan <jiewen_tan> | ||||
Component: | WebKit Misc. | Assignee: | Jiewen Tan <jiewen_tan> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | bfulgham, commit-queue, jiewen_tan, loginllama, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | WebKit Nightly Build | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Bug Depends on: | |||||||
Bug Blocks: | 181943 | ||||||
Attachments: |
|
Description
Jiewen Tan
2020-01-21 11:59:03 PST
If getInfo options reports "clientPin"=1 (pin set on device) The platform should not negotiate or send pintoken if UserVerificationRequirement is discouraged. Until you have pintoken fully working UserVerificationRequirement being absent or prefered should probably be interprited as discouraged. That is what Google did until pintoken support was working. If getInfo options reports "clientPin"=0 (pin not set on device) Browsers should not do pintoken for absent, discouraged, or preferred. For required Chrome and Edge are taking the user through setting a pin inline and then negotiating pintoken. Created attachment 389868 [details]
Patch
Comment on attachment 389868 [details]
Patch
r=me
Comment on attachment 389868 [details]
Patch
Thanks for r+ this patch.
The commit-queue encountered the following flaky tests while processing attachment 389868 [details]: imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html bug 207335 (author: graouts@apple.com) The commit-queue is continuing to process your patch. Comment on attachment 389868 [details] Patch Clearing flags on attachment: 389868 Committed r256001: <https://trac.webkit.org/changeset/256001> All reviewed patches have been landed. Closing bug. |