203200 – [WebAuthn] Support appidExclude enrollment extension

NEW Bug 203200

[WebAuthn] Support appidExclude enrollment extension

https://bugs.webkit.org/show_bug.cgi?id=203200

Summary [WebAuthn] Support appidExclude enrollment extension

Casey Piper

Reported 2019-10-21 12:31:46 PDT

For relying parties that previously enrolled security keys via the U2F enrollment protocol, keys are bound to an application identifier, rather than the relying party id to which WebAuthn enrollments are bound. Since WebAuthn is meant to be backwards compatible with enrollments via U2F, the authentication extension appid can be provided during authentication [1]. Similarly, to prevent reregistration of the same credential when doing a WebAuthn enrollment, an extension [appidExclude] was added to the WebAuthn specification to first check if a key was enrolled via U2F before completing the WebAuthn enrollment [2][3] and report the key already registered if so. [1] https://bugs.webkit.org/show_bug.cgi?id=143491 [2] https://github.com/w3c/webauthn/pull/1244 [3] https://w3c.github.io/webauthn/#sctn-appid-exclude-extension

Attachments
Add attachment proposed patch, testcase, etc.

Jiewen Tan

Comment 1 2019-10-21 12:36:43 PDT

Will track this in an upcoming level 2 umbrella.

Jiewen Tan

Comment 2 2020-09-28 12:10:49 PDT

*** Bug 217050 has been marked as a duplicate of this bug. ***

Radar WebKit Bug Importer

Comment 3 2022-06-30 17:26:14 PDT

<rdar://problem/96257224>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Safari Technology Preview

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

pascoe@apple.com

Reported

2019-10-21 12:31 PDT

Modified

2022-06-30 17:26 PDT History

CC List

5 users Show

URL

Keywords InRadar

Duplicates (1)

217050 View as bug list

Depends on

Blocks