RESOLVED FIXED 232501
Authenticator is not falling back to clientPIN after internal verification fails and is blocked.
https://bugs.webkit.org/show_bug.cgi?id=232501
login Llama
Reported 2021-10-29 11:32:10 PDT
Thanks for fixing https://bugs.webkit.org/show_bug.cgi?id=213903. I tested that it works on OSX STP 134.

However, in testing I discovered that Safari is not detecting that internal UV is blocked and falling back to getPinToken (CTAP2.0) or getPinUvAuthTokenUsingUvWithPermissions (CTAP2.1). Safari should fall back when it receives the CTAP2.0 CTAP2_ERR_PIN_REQUIRED error and/or when the CTAP2.1 uvRetries <= 0. That is the current behavior of Chrome and Windows.

I grant you that the CTAP2.0 spec is less clear on this point than one might hope. CTAP2.1 (https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html) is clearer on how platforms should fall back to clientPin for CTAP2.0 authenticators than the CTAP2.0 spec was.

Regards
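Added example, not part of the report and not the WebKit patch: a sketch of the platform-side decision the report asks for, covering the two triggers it names (CTAP2_ERR_PIN_REQUIRED and uvRetries <= 0) plus CTAP2_ERR_UV_BLOCKED from the CTAP2.1 error table. The struct, enum and function names are hypothetical; status codes, getInfo option names and subcommand numbers follow the CTAP specification, where the CTAP2.1 PIN-based subcommand is getPinUvAuthTokenUsingPinWithPermissions (0x09).

```cpp
#include <cstdint>

// Status codes from the CTAP2 error table.
constexpr uint8_t kCtap2Ok = 0x00;
constexpr uint8_t kCtap2ErrPinRequired = 0x36;
constexpr uint8_t kCtap2ErrUvBlocked = 0x3C;
constexpr uint8_t kCtap2ErrUvInvalid = 0x3F;

// Hypothetical snapshot of what the platform knows about the authenticator.
struct AuthenticatorState {
    bool clientPinSet;    // getInfo option "clientPin" is true (a PIN exists)
    bool pinUvAuthToken;  // getInfo option "pinUvAuthToken" (CTAP2.1)
    bool uvRetriesKnown;  // false when getUVRetries is unsupported (CTAP2.0)
    int uvRetries;        // meaningful only when uvRetriesKnown is true
};

enum class NextStep {
    Done,
    RetryInternalUv,
    GetPinToken,                // clientPIN subcommand 0x05 (CTAP2.0)
    GetPinUvAuthTokenUsingPin,  // clientPIN subcommand 0x09 (CTAP2.1)
    Fail
};

// Decide what the platform does after an internal-UV attempt returned `status`.
NextStep nextStepAfterInternalUv(const AuthenticatorState& s, uint8_t status)
{
    if (status == kCtap2Ok)
        return NextStep::Done;
    bool uvExhausted = s.uvRetriesKnown && s.uvRetries <= 0;
    bool uvBlocked = uvExhausted || status == kCtap2ErrPinRequired
        || status == kCtap2ErrUvBlocked;
    if (!uvBlocked) // UV failed but retries remain: let the user try again
        return status == kCtap2ErrUvInvalid ? NextStep::RetryInternalUv
                                            : NextStep::Fail;
    if (!s.clientPinSet) // no PIN configured, so there is nothing to fall back to
        return NextStep::Fail;
    return s.pinUvAuthToken ? NextStep::GetPinUvAuthTokenUsingPin
                            : NextStep::GetPinToken;
}
```

The case the report describes is the one where the blocked state is detected and a PIN exists: the platform must move to the PIN path instead of surfacing the error to the user.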
Attachments
Patch (11.18 KB, patch)
2021-12-20 15:05 PST, pascoe@apple.com
no flags
Patch (13.40 KB, patch)
2021-12-20 15:07 PST, pascoe@apple.com
no flags
Patch (13.34 KB, patch)
2021-12-20 15:09 PST, pascoe@apple.com
no flags
Radar WebKit Bug Importer
Comment 1 2021-11-01 20:46:34 PDT
login Llama
Comment 2 2021-11-02 09:04:03 PDT
For FIDO members, this is the relevant issue on clarifying the platform actions section of the CTAP 2.1 specification on PIN fallback: https://github.com/fido-alliance/fido-2-specs/issues/1303
pascoe@apple.com
Comment 3 2021-12-20 15:05:03 PST
pascoe@apple.com
Comment 4 2021-12-20 15:07:29 PST
pascoe@apple.com
Comment 5 2021-12-20 15:09:37 PST
EWS
Comment 6 2021-12-21 08:10:24 PST
Committed r287315 (245467@main): <https://commits.webkit.org/245467@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 447651.
login Llama
Comment 7 2021-12-23 06:56:47 PST
I don't see this change in STP 137 yet. Let me know when I can retest. Thanks.
login Llama
Comment 8 2022-02-09 14:46:50 PST
Change tested and working in STP 140. Thanks.