WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
182772
[WebAuthN] Enable LocalAuthenticator for macOS
https://bugs.webkit.org/show_bug.cgi?id=182772
Summary
[WebAuthN] Enable LocalAuthenticator for macOS
Jiewen Tan
Reported
2018-02-13 22:15:23 PST
Implement macOS corresponding authenticator operations.
Attachments
Patch
(30.85 KB, patch)
2019-05-23 01:08 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(31.56 KB, patch)
2019-05-23 14:53 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(31.63 KB, patch)
2019-05-23 16:35 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(32.29 KB, patch)
2019-08-02 14:47 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Patch
(32.43 KB, patch)
2019-08-06 12:08 PDT
,
Jiewen Tan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(4)
View All
Add attachment
proposed patch, testcase, etc.
Jiewen Tan
Comment 1
2018-03-12 12:28:09 PDT
1. We could use kSecAttrNoLegacy=@YES SPI to enforce macOS Keychain to use the iOS Keychain. Such that we can unify the Keychain behaviors between iOS and macOS.
Radar WebKit Bug Importer
Comment 2
2018-08-15 13:41:23 PDT
<
rdar://problem/43347920
>
Jiewen Tan
Comment 3
2019-05-23 01:08:11 PDT
Created
attachment 370494
[details]
Patch
Jiewen Tan
Comment 4
2019-05-23 14:53:52 PDT
Created
attachment 370522
[details]
Patch
EWS Watchlist
Comment 5
2019-05-23 16:34:02 PDT
Comment hidden (obsolete)
Comment on
attachment 370522
[details]
Patch
Attachment 370522
[details]
did not pass jsc-ews (mac): Output:
https://webkit-queues.webkit.org/results/12272517
New failing tests: mozilla-tests.yaml/js1_5/Array/regress-101964.js.mozilla-baseline apiTests
Jiewen Tan
Comment 6
2019-05-23 16:35:03 PDT
Created
attachment 370531
[details]
Patch
Jiewen Tan
Comment 7
2019-08-02 14:47:59 PDT
Created
attachment 375459
[details]
Patch
Brent Fulgham
Comment 8
2019-08-02 15:07:04 PDT
Comment on
attachment 375459
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
> LayoutTests/platform/mac-wk2/TestExpectations:914 > +http/wpt/webauthn/idl.https.html [ Failure ]
Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain?
Jonathan Bedard
Comment 9
2019-08-02 15:21:08 PDT
(In reply to Brent Fulgham from
comment #8
)
> Comment on
attachment 375459
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
> > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > +http/wpt/webauthn/idl.https.html [ Failure ] > > Will these ever be Successes in the open source test environment? Maybe we > should wait to un-skip then until they have the ability to use the modern > keychain?
I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out.
Jiewen Tan
Comment 10
2019-08-02 15:25:34 PDT
(In reply to Brent Fulgham from
comment #8
)
> Comment on
attachment 375459
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
> > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > +http/wpt/webauthn/idl.https.html [ Failure ] > > Will these ever be Successes in the open source test environment? Maybe we > should wait to un-skip then until they have the ability to use the modern > keychain?
Thanks Brent for r+ this patch.
Jiewen Tan
Comment 11
2019-08-02 15:25:51 PDT
(In reply to Jonathan Bedard from
comment #9
)
> (In reply to Brent Fulgham from
comment #8
) > > Comment on
attachment 375459
[details]
> > Patch > > > > View in context: > >
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
> > > > > LayoutTests/platform/mac-wk2/TestExpectations:914 > > > +http/wpt/webauthn/idl.https.html [ Failure ] > > > > Will these ever be Successes in the open source test environment? Maybe we > > should wait to un-skip then until they have the ability to use the modern > > keychain? > > I have a Catalina seed install...I'd like to see what this patch does on > that before landing it. I know especially that Jiewen was having trouble > getting the keychain entitlements working, I'd like to see if we can sort > that out.
Thanks Jonathan.
Jonathan Bedard
Comment 12
2019-08-02 17:01:51 PDT
Someone broke Catalina builds on the seeds...I will get to this first thing Monday morning. It's not super urgent because we don't have any Catalina seed automation yet.
Jonathan Bedard
Comment 13
2019-08-06 09:12:29 PDT
Comment on
attachment 375459
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
>>>>> LayoutTests/platform/mac-wk2/TestExpectations:914 >>>>> +http/wpt/webauthn/idl.https.html [ Failure ] >>>> >>>> Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain? >>> >>> I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out. >> >> Thanks Brent for r+ this patch. > > Thanks Jonathan.
I tried adopting the same code we use JSC tools, but no luck. I think we should change this comment to: 'Local authenticator tests require keychain entitlement' or something to that effect....I don't think we will be able to give that entitlement with adhoc code signing.
Jiewen Tan
Comment 14
2019-08-06 11:56:16 PDT
(In reply to Jonathan Bedard from
comment #13
)
> Comment on
attachment 375459
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=375459&action=review
> > >>>>> LayoutTests/platform/mac-wk2/TestExpectations:914 > >>>>> +http/wpt/webauthn/idl.https.html [ Failure ] > >>>> > >>>> Will these ever be Successes in the open source test environment? Maybe we should wait to un-skip then until they have the ability to use the modern keychain? > >>> > >>> I have a Catalina seed install...I'd like to see what this patch does on that before landing it. I know especially that Jiewen was having trouble getting the keychain entitlements working, I'd like to see if we can sort that out. > >> > >> Thanks Brent for r+ this patch. > > > > Thanks Jonathan. > > I tried adopting the same code we use JSC tools, but no luck. > > I think we should change this comment to: 'Local authenticator tests require > keychain entitlement' or something to that effect....I don't think we will > be able to give that entitlement with adhoc code signing.
Sure, I will change the comment to something more clear.
Jiewen Tan
Comment 15
2019-08-06 12:08:57 PDT
Created
attachment 375641
[details]
Patch
Jiewen Tan
Comment 16
2019-08-06 12:09:50 PDT
Comment on
attachment 375641
[details]
Patch I meant to land-safely...
Jonathan Bedard
Comment 17
2019-08-06 12:52:32 PDT
(In reply to Jiewen Tan from
comment #16
)
> Comment on
attachment 375641
[details]
> Patch > > I meant to land-safely...
For future reference, commit queue should be smart enough to understand the 'Reviewed by' line in your changelog, you don't need to r+ through the bugzilla UI (and in fact, I'm actually not sure what that will do)
WebKit Commit Bot
Comment 18
2019-08-06 12:54:50 PDT
Comment on
attachment 375641
[details]
Patch Clearing flags on attachment: 375641 Committed
r248308
: <
https://trac.webkit.org/changeset/248308
>
WebKit Commit Bot
Comment 19
2019-08-06 12:54:52 PDT
All reviewed patches have been landed. Closing bug.
Jiewen Tan
Comment 20
2019-08-06 13:03:55 PDT
(In reply to Jonathan Bedard from
comment #17
)
> (In reply to Jiewen Tan from
comment #16
) > > Comment on
attachment 375641
[details]
> > Patch > > > > I meant to land-safely... > > For future reference, commit queue should be smart enough to understand the > 'Reviewed by' line in your changelog, you don't need to r+ through the > bugzilla UI (and in fact, I'm actually not sure what that will do)
Thanks. I didn't know that.
Chris Dumez
Comment 21
2019-08-06 14:29:47 PDT
Comment on
attachment 375641
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=375641&action=review
> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > + (id)kSecAttrNoLegacy: @YES
This is deprecated and should probably not be used in new code. This broke the build for me.
Jiewen Tan
Comment 22
2019-08-06 14:40:27 PDT
(In reply to Chris Dumez from
comment #21
)
> Comment on
attachment 375641
[details]
> Patch > > View in context: >
https://bugs.webkit.org/attachment.cgi?id=375641&action=review
> > > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > > + (id)kSecAttrNoLegacy: @YES > > This is deprecated and should probably not be used in new code. This broke > the build for me.
But the new API is only available for iOS 13 and macOS Catalina. I guess we should use ALLOW_DEPRECATED_DECLARATIONS_BEGIN/ALLOW_DEPRECATED_DECLARATIONS_END to guard it for now.
Jiewen Tan
Comment 23
2019-08-06 14:43:01 PDT
(In reply to Jiewen Tan from
comment #22
)
> (In reply to Chris Dumez from
comment #21
) > > Comment on
attachment 375641
[details]
> > Patch > > > > View in context: > >
https://bugs.webkit.org/attachment.cgi?id=375641&action=review
> > > > > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalAuthenticator.mm:122 > > > + (id)kSecAttrNoLegacy: @YES > > > > This is deprecated and should probably not be used in new code. This broke > > the build for me. > > But the new API is only available for iOS 13 and macOS Catalina. I guess we > should use > ALLOW_DEPRECATED_DECLARATIONS_BEGIN/ALLOW_DEPRECATED_DECLARATIONS_END to > guard it for now.
Sorry, I should probably guard it with OS Versions for the new API as a proper fix.
Jiewen Tan
Comment 24
2019-08-06 15:13:07 PDT
Build fix: Committed
r248319
: <
https://trac.webkit.org/changeset/248319
>
Jiewen Tan
Comment 25
2019-08-06 15:41:05 PDT
Committed
r248324
: <
https://trac.webkit.org/changeset/248324
>
Jiewen Tan
Comment 26
2019-08-06 16:21:06 PDT
Committed
r248325
: <
https://trac.webkit.org/changeset/248325
>
Ryan Haddad
Comment 27
2019-08-06 17:09:37 PDT
There are 8 webauthn tests failing an assertion on debug bots after
r248308
:
https://build.webkit.org/results/Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r248311%20(8877)/results.html
Ryan Haddad
Comment 28
2019-08-13 15:31:13 PDT
(In reply to Ryan Haddad from
comment #27
)
> There are 8 webauthn tests failing an assertion on debug bots after
r248308
: > >
https://build.webkit.org/results/
> Apple%20High%20Sierra%20Debug%20WK2%20(Tests)/r248311%20(8877)/results.html
Skipped these tests in
https://trac.webkit.org/changeset/248639/webkit
since they aren't expected to work in open source.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug