Bug 274217

Summary:	navigator.credentials.create return Type error when authenticatorAttachment is null
Product:	WebKit	Reporter:	chunli <chunli>
Component:	WebKit Misc.	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Normal	CC:	bfulgham, karlcow, pascoe, sihui_liu, webkit-bug-importer, wilander
Priority:	P2	Keywords:	BrowserCompat, InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

chunli

Reported 2024-05-15 09:43:51 PDT

We found that we couldn't add a passkey in Safari due to a weird "Type error" from navigator.credentials.create, while other browsers like Chrome, Firefox, and Edge continued to work without any issues. The root cause was that our backend didn't return the authenticatorAttachment to the frontend, and the frontend passed authenticatorAttachment = null to navigator.credentials.create. We fixed the issue by removing it when the value was null, but according to the WebAuthn spec(https://www.w3.org/TR/webauthn-2/#dom-authenticatorselectioncriteria-authenticatorattachment), Safari should ignore the unknown value. From the spec: authenticatorAttachment, of type DOMString If this member is present, eligible authenticators are filtered to only authenticators attached with the specified § 5.4.5 Authenticator Attachment Enumeration (enum AuthenticatorAttachment). The value SHOULD be a member of AuthenticatorAttachment but client platforms MUST ignore unknown values, treating an unknown value as if the member does not exist.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2024-05-15 22:17:44 PDT

<rdar://problem/128177000>

Karl Dubost

Comment 2 2024-05-15 22:19:28 PDT

@chunli thanks for the report. A testcase would be helpful or at least the code when this manifests.

Karl Dubost

Comment 3 2024-05-15 22:24:44 PDT

Probably also need to double check with https://wpt.fyi/results/webauthn?label=master&label=experimental&aligned&q=webauthn%20safari%3Afail

chunli

Comment 4 2024-05-15 23:36:09 PDT

Hi, @karlcow Thank you for provide the wpt.fyi link. I think the test `authenticatorSelection attachment null` in https://wpt.fyi/results/webauthn/createcredential-passing.https.html?label=master&label=experimental&aligned&q=webauthn%20safari%3Afail matched what I reported, and I saw the Safari still red with `TypeError: Type error` error. I think the test code is: https://github.com/web-platform-tests/wpt/blob/42fc3843b3/webauthn/createcredential-passing.https.html#L112

Note You need to log in before you can comment on or make changes to this bug.