Bug 206547 - [WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged"
Summary: [WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Jiewen Tan
Keywords: InRadar
Depends on:
Blocks: 181943
  Show dependency treegraph
Reported: 2020-01-21 11:59 PST by Jiewen Tan
Modified: 2020-02-06 18:57 PST (History)
5 users (show)

See Also:

Patch (7.02 KB, patch)
2020-02-05 14:17 PST, Jiewen Tan
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Jiewen Tan 2020-01-21 11:59:03 PST
authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged" even if the authenticator is protected by a PIN.
Comment 1 Radar WebKit Bug Importer 2020-01-21 11:59:33 PST
Comment 2 login Llama 2020-01-21 13:09:51 PST
If getInfo options reports "clientPin"=1 (pin set on device)

The platform should not negotiate or send pintoken if UserVerificationRequirement  is discouraged.

Until you have pintoken fully working  UserVerificationRequirement being absent or prefered should probably be interprited as discouraged.  That is what Google did until pintoken support was working.

If getInfo options reports "clientPin"=0 (pin not set on device)
Browsers should not do pintoken for absent, discouraged, or preferred.
For required Chrome and Edge are taking the user through setting a pin inline and then negotiating pintoken.
Comment 3 Jiewen Tan 2020-02-05 14:17:24 PST
Created attachment 389868 [details]
Comment 4 Brent Fulgham 2020-02-06 17:32:44 PST
Comment on attachment 389868 [details]

Comment 5 Jiewen Tan 2020-02-06 17:39:33 PST
Comment on attachment 389868 [details]

Thanks for r+ this patch.
Comment 6 WebKit Commit Bot 2020-02-06 18:56:58 PST
The commit-queue encountered the following flaky tests while processing attachment 389868 [details]:

imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html bug 207335 (author: graouts@apple.com)
The commit-queue is continuing to process your patch.
Comment 7 WebKit Commit Bot 2020-02-06 18:57:35 PST
Comment on attachment 389868 [details]

Clearing flags on attachment: 389868

Committed r256001: <https://trac.webkit.org/changeset/256001>
Comment 8 WebKit Commit Bot 2020-02-06 18:57:37 PST
All reviewed patches have been landed.  Closing bug.