|Summary:||[WebAuthn] problem with uv = required for getAssertion|
|Product:||WebKit||Reporter:||login Llama <loginllama>|
|Component:||WebCore Misc.||Assignee:||Nobody <webkit-unassigned>|
|Version:||Safari Technology Preview|
|Hardware:||iPhone / iPad|
|Bug Depends on:|
Description login Llama 2020-07-02 12:26:54 PDT
In iOS 14 developer beta The authenticator has a pin set: The Authenticator is attached over USB/Lightning. If in WebAuthn uv is unset, or set to preferred authentication works as expected the user is prompted for a pin and the credential is asserted with uv=1 in authenticator data. If in WebAuthn uv is set to discouraged authentication works as expected the user is not prompted for a pin and the credential is asserted with uv=0 in authenticator data. If in WebAuthn uv is set to required, the user is prompted to insert and activate the security key. After doing UP the dialogue is stuck until it times out. NFC attachment seems to have the same issue. Strange preferred works but not required.
Comment 1 login Llama 2020-07-03 12:39:29 PDT
Doing some more testing I discovered that uv = required from the RP will work if the authenticator advertises support for internal uv in its getInfo. There is not a one to one mapping between uv in webAuthn and the UV option in getAssertion.