Bug 206547

Summary: [WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged"
Product: WebKit Reporter: Jiewen Tan <jiewen_tan>
Component: WebKit Misc.Assignee: Jiewen Tan <jiewen_tan>
Severity: Normal CC: bfulgham, commit-queue, jiewen_tan, loginllama, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 181943    
Description Flags
Patch none

Description Jiewen Tan 2020-01-21 11:59:03 PST
authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged" even if the authenticator is protected by a PIN.
Comment 1 Radar WebKit Bug Importer 2020-01-21 11:59:33 PST
Comment 2 login Llama 2020-01-21 13:09:51 PST
If getInfo options reports "clientPin"=1 (pin set on device)

The platform should not negotiate or send pintoken if UserVerificationRequirement  is discouraged.

Until you have pintoken fully working  UserVerificationRequirement being absent or prefered should probably be interprited as discouraged.  That is what Google did until pintoken support was working.

If getInfo options reports "clientPin"=0 (pin not set on device)
Browsers should not do pintoken for absent, discouraged, or preferred.
For required Chrome and Edge are taking the user through setting a pin inline and then negotiating pintoken.
Comment 3 Jiewen Tan 2020-02-05 14:17:24 PST
Created attachment 389868 [details]
Comment 4 Brent Fulgham 2020-02-06 17:32:44 PST
Comment on attachment 389868 [details]

Comment 5 Jiewen Tan 2020-02-06 17:39:33 PST
Comment on attachment 389868 [details]

Thanks for r+ this patch.
Comment 6 WebKit Commit Bot 2020-02-06 18:56:58 PST
The commit-queue encountered the following flaky tests while processing attachment 389868 [details]:

imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html bug 207335 (author: graouts@apple.com)
The commit-queue is continuing to process your patch.
Comment 7 WebKit Commit Bot 2020-02-06 18:57:35 PST
Comment on attachment 389868 [details]

Clearing flags on attachment: 389868

Committed r256001: <https://trac.webkit.org/changeset/256001>
Comment 8 WebKit Commit Bot 2020-02-06 18:57:37 PST
All reviewed patches have been landed.  Closing bug.