Bug 225199

Summary: WebAuthn "user gesture required" console message for .get references ".create"
Product: WebKit Reporter: matthew
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bfulgham, jiewen_tan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 14   
Hardware: Mac (Intel)   
OS: macOS 11   
Attachments:
Description Flags
Screenshot of console output from within Safari referencing incorrect API none

Description matthew 2021-04-29 11:14:38 PDT 
Created attachment 427361 [details]
Screenshot of console output from within Safari referencing incorrect API

Calls to WebAuthn's `navigator.credentials.get()` outside of a user gesture errors out as expected. However, the console warning output from this operations mentions "navigator.credentials.create":

> User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events.
Console output generated by a call to `navigator.credentials.get` should reference "navigator.credentials.get" instead.

This appears to be caused by a recent change to `WebAuthenticatorCoordinator::processingUserGesture()` that hardcodes "navigator.credentials.create" into the message:

https://trac.webkit.org/browser/webkit/branches/safari-611-branch/Source/WebKit/WebProcess/WebAuthentication/WebAuthenticatorCoordinator.cpp#L112

The following LayoutTests confirm that the same incorrect message is used for `navigator.credentials.get()` user gesture issues as well:

- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f-silent.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-u2f.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-failure.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt
- webkit/branches/safari-611-branch/LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt
Comment 1 matthew 2021-04-30 08:50:02 PDT 
I should clarify that this is observed in Safari 14.1 on macOS 11.3
Comment 2 Radar WebKit Bug Importer 2021-05-06 11:15:40 PDT 
<rdar://problem/77616652>