Bug 213895 - [WebAuthn] problem with uv = required for getAssertion
Summary: [WebAuthn] problem with uv = required for getAssertion
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: Safari Technology Preview
Hardware: iPhone / iPad Other
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 181943
  Show dependency treegraph
 
Reported: 2020-07-02 12:26 PDT by login Llama
Modified: 2020-08-11 11:59 PDT (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description login Llama 2020-07-02 12:26:54 PDT
In iOS 14 developer beta
The authenticator has a pin set:

The Authenticator is attached over USB/Lightning.

If in WebAuthn uv is unset, or set to preferred authentication works as expected the user is prompted for a pin and the credential is asserted with uv=1 in authenticator data.
If in WebAuthn uv is set to discouraged authentication works as expected the user is not prompted for a pin and the credential is asserted with uv=0 in authenticator data.

If in WebAuthn uv is set to required, the user is prompted to insert and activate the security key.  After doing UP the dialogue is stuck until it times out.

NFC attachment seems to have the same issue. 

Strange preferred works but not required.
Comment 1 login Llama 2020-07-03 12:39:29 PDT
Doing some more testing I discovered that uv = required from the RP will work if the authenticator advertises support for internal uv in its getInfo.

There is not a one to one mapping between uv in webAuthn and the UV option in getAssertion.
Comment 2 Jiewen Tan 2020-07-28 01:02:05 PDT
I have tried a Yubico Blue Security Key with PIN set, same model with no PIN, and a Feitian BioPass on https://webauthntest.azurewebsites.net with UV = required, and cannot reproduce. Can you suggest a more detailed way of reproducing the issue?