Bug 213895
| Summary: | [WebAuthn] problem with uv = required for getAssertion | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | login Llama <loginllama> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | Normal | CC: | jiewen_tan, loginllama |
| Priority: | P2 | ||
| Version: | Safari Technology Preview | ||
| Hardware: | iPhone / iPad | ||
| OS: | Other | ||
| Bug Depends on: | |||
| Bug Blocks: | 181943 | ||
login Llama
In iOS 14 developer beta
The authenticator has a pin set:
The Authenticator is attached over USB/Lightning.
If in WebAuthn uv is unset, or set to preferred authentication works as expected the user is prompted for a pin and the credential is asserted with uv=1 in authenticator data.
If in WebAuthn uv is set to discouraged authentication works as expected the user is not prompted for a pin and the credential is asserted with uv=0 in authenticator data.
If in WebAuthn uv is set to required, the user is prompted to insert and activate the security key. After doing UP the dialogue is stuck until it times out.
NFC attachment seems to have the same issue.
Strange preferred works but not required.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
login Llama
Doing some more testing I discovered that uv = required from the RP will work if the authenticator advertises support for internal uv in its getInfo.
There is not a one to one mapping between uv in webAuthn and the UV option in getAssertion.
Jiewen Tan
I have tried a Yubico Blue Security Key with PIN set, same model with no PIN, and a Feitian BioPass on https://webauthntest.azurewebsites.net with UV = required, and cannot reproduce. Can you suggest a more detailed way of reproducing the issue?