RESOLVED FIXED 206547
[WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged"
https://bugs.webkit.org/show_bug.cgi?id=206547
Summary [WebAuthn] authenticatorGetAssertion should be sent without pinAuth if UV = "...
Jiewen Tan
Reported 2020-01-21 11:59:03 PST
authenticatorGetAssertion should be sent without pinAuth if UV = "discouraged" even if the authenticator is protected by a PIN.
Attachments
Patch (7.02 KB, patch)
2020-02-05 14:17 PST, Jiewen Tan
no flags
Radar WebKit Bug Importer
Comment 1 2020-01-21 11:59:33 PST
login Llama
Comment 2 2020-01-21 13:09:51 PST
If getInfo options reports "clientPin"=1 (pin set on device) The platform should not negotiate or send pintoken if UserVerificationRequirement is discouraged. Until you have pintoken fully working UserVerificationRequirement being absent or prefered should probably be interprited as discouraged. That is what Google did until pintoken support was working. If getInfo options reports "clientPin"=0 (pin not set on device) Browsers should not do pintoken for absent, discouraged, or preferred. For required Chrome and Edge are taking the user through setting a pin inline and then negotiating pintoken.
Jiewen Tan
Comment 3 2020-02-05 14:17:24 PST
Brent Fulgham
Comment 4 2020-02-06 17:32:44 PST
Comment on attachment 389868 [details] Patch r=me
Jiewen Tan
Comment 5 2020-02-06 17:39:33 PST
Comment on attachment 389868 [details] Patch Thanks for r+ this patch.
WebKit Commit Bot
Comment 6 2020-02-06 18:56:58 PST
The commit-queue encountered the following flaky tests while processing attachment 389868 [details]: imported/w3c/web-platform-tests/web-animations/timing-model/timelines/update-and-send-events-replacement.html bug 207335 (author: graouts@apple.com) The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 7 2020-02-06 18:57:35 PST
Comment on attachment 389868 [details] Patch Clearing flags on attachment: 389868 Committed r256001: <https://trac.webkit.org/changeset/256001>
WebKit Commit Bot
Comment 8 2020-02-06 18:57:37 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.