Bug 213033

Summary: "Security Key NFC by Yubico" not detected via NFC on webauthn.bin.coffee
Product: WebKit Reporter: Casey Piper <piperc>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: austinylin, jiewen_tan, krh, piperc, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: iPhone / iPad   
OS: iOS 13   
Bug Depends on:    
Bug Blocks: 181943    
Attachments:
Description Flags
Screenshot none

Description Casey Piper 2020-06-10 10:30:58 PDT
Created attachment 401554 [details]
Screenshot

"Security Key NFC by Yubico" (https://www.yubico.com/product/security-key-nfc-by-yubico-2-pack) not registering with webauthn.bin.coffee. Key works with 1Password but is not enrolling via webauthn.bin.coffee, or signing during Google login. Touching the key to the device has no effect, and system prompt remains.


Mozilla/5.0 (iPhone; CPU iPhone OS 13_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.1 Mobile/15E148 Safari/604.1
Comment 1 Casey Piper 2020-06-10 10:32:58 PDT
Hi Jiewen, please let me know if there is any way to provide logging information.

Thanks!
Comment 2 Radar WebKit Bug Importer 2020-06-10 22:46:57 PDT
<rdar://problem/64240942>
Comment 3 Kayla Hanson 2020-06-11 11:21:27 PDT
Hi Folks,

Yubico support for this key confirmed that "iOS' native support for WebAuthn does not support FIDO2 authenticators with PINs set, so if you have one set, this may be the reason that the webauthn.bin.coffee test isn't working."

Disabling the FIDO2 PIN on the key we had the issue with (via Yubico's "YubiKey Manager") resolved this. Key now WAI on webauthn.bin.coffee and Google sign in in.

Please feel free to close this issue or mark as a dupe if there is a tracking bug for support for FIDO2 w/ set PIN.

Thanks!
Comment 4 Jiewen Tan 2020-06-11 11:28:01 PDT
(In reply to Kayla Hanson from comment #3)
> Hi Folks,
> 
> Yubico support for this key confirmed that "iOS' native support for WebAuthn
> does not support FIDO2 authenticators with PINs set, so if you have one set,
> this may be the reason that the webauthn.bin.coffee test isn't working."
> 
> Disabling the FIDO2 PIN on the key we had the issue with (via Yubico's
> "YubiKey Manager") resolved this. Key now WAI on webauthn.bin.coffee and
> Google sign in in.
> 
> Please feel free to close this issue or mark as a dupe if there is a
> tracking bug for support for FIDO2 w/ set PIN.
> 
> Thanks!

Cool. Thanks, Kayla.