RESOLVED FIXED 182772
[WebAuthN] Enable LocalAuthenticator for macOS
https://bugs.webkit.org/show_bug.cgi?id=182772
Summary [WebAuthN] Enable LocalAuthenticator for macOS
Jiewen Tan
Reported 2018-02-13 22:15:23 PST
Implement macOS corresponding authenticator operations.
Attachments
Patch (30.85 KB, patch)
2019-05-23 01:08 PDT, Jiewen Tan
no flags
Patch (31.56 KB, patch)
2019-05-23 14:53 PDT, Jiewen Tan
no flags
Patch (31.63 KB, patch)
2019-05-23 16:35 PDT, Jiewen Tan
no flags
Patch (32.29 KB, patch)
2019-08-02 14:47 PDT, Jiewen Tan
no flags
Patch (32.43 KB, patch)
2019-08-06 12:08 PDT, Jiewen Tan
no flags
Jiewen Tan
Comment 1 2018-03-12 12:28:09 PDT
1. We could use kSecAttrNoLegacy=@YES SPI to enforce macOS Keychain to use the iOS Keychain. Such that we can unify the Keychain behaviors between iOS and macOS.
Radar WebKit Bug Importer
Comment 2 2018-08-15 13:41:23 PDT
Jiewen Tan
Comment 3 2019-05-23 01:08:11 PDT
Jiewen Tan
Comment 4 2019-05-23 14:53:52 PDT
EWS Watchlist
Comment 5 2019-05-23 16:34:02 PDT Comment hidden (obsolete)
Jiewen Tan
Comment 6 2019-05-23 16:35:03 PDT
Jiewen Tan
Comment 7 2019-08-02 14:47:59 PDT
Brent Fulgham
Comment 8 2019-08-02 15:07:04 PDT
Comment on attachment 375459 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=375459&action=review > LayoutTests/platform/mac-wk2/TestExpectations:914 > +http/wpt/webauthn/idl.https.html [ Failure ] Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain?
Jonathan Bedard
Comment 9 2019-08-02 15:21:08 PDT
(In reply to Brent Fulgham from comment #8) > Comment on attachment 375459 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=375459&action=review > > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > +http/wpt/webauthn/idl.https.html [ Failure ] > > Will these ever be Successes in the open source test environment? Maybe we > should wait to un-skip then until they have the ability to use the modern > keychain? I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out.
Jiewen Tan
Comment 10 2019-08-02 15:25:34 PDT
(In reply to Brent Fulgham from comment #8) > Comment on attachment 375459 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=375459&action=review > > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > +http/wpt/webauthn/idl.https.html [ Failure ] > > Will these ever be Successes in the open source test environment? Maybe we > should wait to un-skip then until they have the ability to use the modern > keychain? Thanks Brent for r+ this patch.
Jiewen Tan
Comment 11 2019-08-02 15:25:51 PDT
(In reply to Jonathan Bedard from comment #9) > (In reply to Brent Fulgham from comment #8) > > Comment on attachment 375459 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=375459&action=review > > > > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > > +http/wpt/webauthn/idl.https.html [ Failure ] > > > > Will these ever be Successes in the open source test environment? Maybe we > > should wait to un-skip then until they have the ability to use the modern > > keychain? > > I have a Catalina seed install...I'd like to see what this patch does on > that before landing it. I know especially that Jiewen was having trouble > getting the keychain entitlements working, I'd like to see if we can sort > that out. Thanks Jonathan.
Jonathan Bedard
Comment 12 2019-08-02 17:01:51 PDT
Someone broke Catalina builds on the seeds...I will get to this first thing Monday morning. It's not super urgent because we don't have any Catalina seed automation yet.
Jonathan Bedard
Comment 13 2019-08-06 09:12:29 PDT
Comment on attachment 375459 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=375459&action=review >>>>> LayoutTests/platform/mac-wk2/TestExpectations:914 >>>>> +http/wpt/webauthn/idl.https.html [ Failure ] >>>> >>>> Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain? >>> >>> I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out. >> >> Thanks Brent for r+ this patch. > > Thanks Jonathan. I tried adopting the same code we use JSC tools, but no luck. I think we should change this comment to: 'Local authenticator tests require keychain entitlement' or something to that effect....I don't think we will be able to give that entitlement with adhoc code signing.
Jiewen Tan
Comment 14 2019-08-06 11:56:16 PDT
(In reply to Jonathan Bedard from comment #13) > Comment on attachment 375459 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=375459&action=review > > >>>>> LayoutTests/platform/mac-wk2/TestExpectations:914 > >>>>> +http/wpt/webauthn/idl.https.html [ Failure ] > >>>> > >>>> Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain? > >>> > >>> I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out. > >> > >> Thanks Brent for r+ this patch. > > > > Thanks Jonathan. > > I tried adopting the same code we use JSC tools, but no luck. > > I think we should change this comment to: 'Local authenticator tests require > keychain entitlement' or something to that effect....I don't think we will > be able to give that entitlement with adhoc code signing. Sure, I will change the comment to something more clear.
Jiewen Tan
Comment 15 2019-08-06 12:08:57 PDT
Jiewen Tan
Comment 16 2019-08-06 12:09:50 PDT
Comment on attachment 375641 [details] Patch I meant to land-safely...
Jonathan Bedard
Comment 17 2019-08-06 12:52:32 PDT
(In reply to Jiewen Tan from comment #16) > Comment on attachment 375641 [details] > Patch > > I meant to land-safely... For future reference, commit queue should be smart enough to understand the 'Reviewed by' line in your changelog, you don't need to r+ through the bugzilla UI (and in fact, I'm actually not sure what that will do)
WebKit Commit Bot
Comment 18 2019-08-06 12:54:50 PDT
Comment on attachment 375641 [details] Patch Clearing flags on attachment: 375641 Committed r248308: <https://trac.webkit.org/changeset/248308>
WebKit Commit Bot
Comment 19 2019-08-06 12:54:52 PDT
All reviewed patches have been landed. Closing bug.
Jiewen Tan
Comment 20 2019-08-06 13:03:55 PDT
(In reply to Jonathan Bedard from comment #17) > (In reply to Jiewen Tan from comment #16) > > Comment on attachment 375641 [details] > > Patch > > > > I meant to land-safely... > > For future reference, commit queue should be smart enough to understand the > 'Reviewed by' line in your changelog, you don't need to r+ through the > bugzilla UI (and in fact, I'm actually not sure what that will do) Thanks. I didn't know that.
Chris Dumez
Comment 21 2019-08-06 14:29:47 PDT
Comment on attachment 375641 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=375641&action=review > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > + (id)kSecAttrNoLegacy: @YES This is deprecated and should probably not be used in new code. This broke the build for me.
Jiewen Tan
Comment 22 2019-08-06 14:40:27 PDT
(In reply to Chris Dumez from comment #21) > Comment on attachment 375641 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=375641&action=review > > > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > > + (id)kSecAttrNoLegacy: @YES > > This is deprecated and should probably not be used in new code. This broke > the build for me. But the new API is only available for iOS 13 and macOS Catalina. I guess we should use ALLOW_DEPRECATED_DECLARATIONS_BEGIN/ALLOW_DEPRECATED_DECLARATIONS_END to guard it for now.
Jiewen Tan
Comment 23 2019-08-06 14:43:01 PDT
(In reply to Jiewen Tan from comment #22) > (In reply to Chris Dumez from comment #21) > > Comment on attachment 375641 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=375641&action=review > > > > > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > > > + (id)kSecAttrNoLegacy: @YES > > > > This is deprecated and should probably not be used in new code. This broke > > the build for me. > > But the new API is only available for iOS 13 and macOS Catalina. I guess we > should use > ALLOW_DEPRECATED_DECLARATIONS_BEGIN/ALLOW_DEPRECATED_DECLARATIONS_END to > guard it for now. Sorry, I should probably guard it with OS Versions for the new API as a proper fix.
Jiewen Tan
Comment 24 2019-08-06 15:13:07 PDT
Jiewen Tan
Comment 25 2019-08-06 15:41:05 PDT
Jiewen Tan
Comment 26 2019-08-06 16:21:06 PDT
Ryan Haddad
Comment 27 2019-08-06 17:09:37 PDT
Ryan Haddad
Comment 28 2019-08-13 15:31:13 PDT
(In reply to Ryan Haddad from comment #27) > There are 8 webauthn tests failing an assertion on debug bots after r248308: > > https://build.webkit.org/results/ > Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r248311%20(8877)/results.html Skipped these tests in https://trac.webkit.org/changeset/248639/webkit since they aren't expected to work in open source.
Note You need to log in before you can comment on or make changes to this bug.