Bug 271747
| Summary: | webauthn autofill no longer prefers passkeys | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | James Manger <james> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | ackermann.yuriy, bfulgham, pascoe, small.koala3721, webkit-bug-importer, wilander, wring_thrower.0a |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 17 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
James Manger
A sign-in process that supports passkey and username+password options will often start with a form with a username field that has autocomplete="username webauthn" and a webauthn sign-in started with conditional-mediation. The user will often have a password saved for the site (in the iOS and/or Chrome password manager). Users with a passkey will also have that in their password manager.
iOS used to offer a great user experience (on iOS 17.3 with Chrome or Safari). Safari and Chrome would offer passkey as the first choice. Tap the username field; tap your offered passkey; Face ID; and you are signed-in.
Now the experience has been broken in many circumstances.
Chrome will offer the saved password, not the passkey. The key icon beside the offered password option brings up a list with passwords and passkeys; however selecting the passkey does not work -- it autofills username+password, but does not perform a passkey sign-in.
Safari will sometimes offer the passkey and sometimes a password. The key icon beside the offered password option brings up a list with passwords and passkeys; however selecting the passkey does not work -- it autofills username+password, but does not perform a passkey sign-in.
The option to sign-in with a cross-platform passkey is no longer available.
It is no longer clear how or if a website can trigger a great user experience that supports a customer base with mix of passkeys, passwords, and both.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
James Manger
Also noted on a FIDO Alliance public forum:
Passkey autofill stopped working on iOS 17.4 ASWebAuthenticationSession.
https://groups.google.com/a/fidoalliance.org/g/fido-dev/c/JuEW2uT_83Q
Radar WebKit Bug Importer
<rdar://problem/125831008>
wring_thrower.0a
+1 this behavior severely impacts the end to end flow for passkey adoption on web/webview.
small.koala
Still occurring in the latest iOS17.5 beta 3 released today.
Yuriy Ackermann
Still occurring in the latest iOS17.5.
Yuriy Ackermann
Still occurring in the latest iOS17.5.1 beta.
Yuriy Ackermann
After additional exploration, I found that only iCloud passkeys don't work. If you are using alternative passkey/password providers such as Dashlane, it works fine, so maybe iCloud Keychain issues?
Brent Fulgham
The cause of this bug was outside of the WebKit Open Source project. The fix for this shipped in iOS 17.5, so if reports are that this is still happening in iCloud we may need to do further investigation for that provider.