Bug 232501

Summary: Authenticator is not falling back to clientPIN after internal verification fails and is blocked.
Product: WebKit Reporter: login Llama <loginllama>
Component: WebCore Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, darin, ews-watchlist, jiewen_tan, katherine_cheney, pascoe, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

login Llama
Reported 2021-10-29 11:32:10 PDT
Thanks for fixing https://bugs.webkit.org/show_bug.cgi?id=213903 I tested that it works on OSX STP 134. However in testing I discovered that Safari is not detecting that internal UV is blocked and falling back to getPinToken (CTAP2.0) or getPinUvAuthTokenUsingUvWithPermissions (CTAP2.1). Safari should fall back when it receives the CTAP2.0CTAP2_ERR_PIN_REQUIRED error and/or when the CTAP2.1 uvRetries <= 0. That is the current behavior of Chrome and Windows. I grant you that the CTAP2.0 spec is less clear on this point than one might hope. CTAP2.1 https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html is clearer on how platforms should fall back to clientPin for CTAP2.0 authenticators than the CTAP2.0 spec was. Regards
Attachments
Patch (11.18 KB, patch)
2021-12-20 15:05 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (13.40 KB, patch)
2021-12-20 15:07 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Patch (13.34 KB, patch)
2021-12-20 15:09 PST, pascoe@apple.com 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-11-01 20:46:34 PDT
<rdar://problem/84913636>
login Llama
Comment 2 2021-11-02 09:04:03 PDT
For Fido members this is the relevant issue on clarifying the platform actions section of the CTAP 2.1 specification on pin fallback. https://github.com/fido-alliance/fido-2-specs/issues/1303
pascoe@apple.com
Comment 3 2021-12-20 15:05:03 PST
Created attachment 447649 [details] Patch
pascoe@apple.com
Comment 4 2021-12-20 15:07:29 PST
Created attachment 447650 [details] Patch
pascoe@apple.com
Comment 5 2021-12-20 15:09:37 PST
Created attachment 447651 [details] Patch
EWS
Comment 6 2021-12-21 08:10:24 PST
Committed r287315 (245467@main): <https://commits.webkit.org/245467@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 447651 [details].
login Llama
Comment 7 2021-12-23 06:56:47 PST
I don't see this change in STP 137 yet. Let me know when I can retest. Thanks
login Llama
Comment 8 2022-02-09 14:46:50 PST
Change tested and working in STP 140 Thanks
Note You need to log in before you can comment on or make changes to this bug.