Bug 232501 - Authenticator is not falling back to clientPIN after internal verification fails and is blocked.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: j_pascoe@apple.com
Keywords: InRadar
Reported: 2021-10-29 11:32 PDT by login Llama
Modified: 2022-02-09 14:46 PST

Attachments
Patch (11.18 KB, patch)
2021-12-20 15:05 PST, j_pascoe@apple.com
Patch (13.40 KB, patch)
2021-12-20 15:07 PST, j_pascoe@apple.com
Patch (13.34 KB, patch)
2021-12-20 15:09 PST, j_pascoe@apple.com

Description login Llama 2021-10-29 11:32:10 PDT
Thanks for fixing https://bugs.webkit.org/show_bug.cgi?id=213903

I tested that it works on OSX STP 134.

However in testing I discovered that Safari is not detecting that internal UV is blocked and falling back to getPinToken (CTAP2.0) or getPinUvAuthTokenUsingUvWithPermissions (CTAP2.1).

Safari should fall back when it receives the CTAP2.0 CTAP2_ERR_PIN_REQUIRED error and/or when the CTAP2.1 uvRetries <= 0.

That is the current behavior of Chrome and Windows.  

I grant you that the CTAP2.0 spec is less clear on this point than one might hope.

CTAP2.1 https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html is clearer on how platforms should fall back to clientPin for CTAP2.0 authenticators than the CTAP2.0 spec was.

Regards
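
The fallback decision requested above, sketched as an added example (not WebKit's code and not part of the original report). Status codes and authenticatorClientPIN subcommand numbers follow the CTAP 2.1 specification; the type and function names, the treatment of CTAP2_ERR_UV_BLOCKED as a blocked signal, and the choice of PIN subcommand from the pinUvAuthToken option are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
// Values as defined in the CTAP 2.1 specification.
enum class CtapStatus : uint8_t {
    Ok = 0x00,
    PinRequired = 0x36, // CTAP2_ERR_PIN_REQUIRED
    UvBlocked = 0x3C,   // CTAP2_ERR_UV_BLOCKED
    UvInvalid = 0x3F,   // CTAP2_ERR_UV_INVALID
};
enum class PinSubCommand : uint8_t {
    GetPinToken = 0x05,                              // CTAP 2.0 PIN token
    GetPinUvAuthTokenUsingPinWithPermissions = 0x09, // CTAP 2.1 PIN token
};

// Hypothetical summary of the authenticatorGetInfo options the decision needs.
struct AuthenticatorInfo {
    bool clientPinSet;           // options.clientPin is true
    bool supportsPinUvAuthToken; // options.pinUvAuthToken is true (CTAP 2.1)
};

enum class NextStep { Done, RetryInternalUv, FallBackToPin, Fail };
struct Decision {
    NextStep step;
    std::optional<PinSubCommand> subCommand;
};

// Decide what the platform does after an internal UV attempt returned `status`.
// `uvRetries` is the getUVRetries result when the authenticator reports one.
Decision decideAfterInternalUv(const AuthenticatorInfo& info, CtapStatus status, std::optional<int> uvRetries)
{
    if (status == CtapStatus::Ok)
        return { NextStep::Done, std::nullopt };
    // Blocked signals: the two named in the report, plus UV_BLOCKED (assumption).
    bool blocked = status == CtapStatus::PinRequired || status == CtapStatus::UvBlocked
        || (uvRetries && *uvRetries <= 0);
    if (!blocked)
        return { status == CtapStatus::UvInvalid ? NextStep::RetryInternalUv : NextStep::Fail, std::nullopt };
    if (!info.clientPinSet)
        return { NextStep::Fail, std::nullopt }; // no PIN configured, nothing to fall back to
    return { NextStep::FallBackToPin, info.supportsPinUvAuthToken
        ? PinSubCommand::GetPinUvAuthTokenUsingPinWithPermissions : PinSubCommand::GetPinToken };
}

int main()
{
    Decision d = decideAfterInternalUv({ true, false }, CtapStatus::PinRequired, std::nullopt);
    std::printf("step=%d subCommand=0x%02x\n", static_cast<int>(d.step), static_cast<unsigned>(*d.subCommand));
}
```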
Comment 1 Radar WebKit Bug Importer 2021-11-01 20:46:34 PDT
<rdar://problem/84913636>
Comment 2 login Llama 2021-11-02 09:04:03 PDT
For FIDO members, this is the relevant issue on clarifying the platform actions section of the CTAP 2.1 specification on PIN fallback.
https://github.com/fido-alliance/fido-2-specs/issues/1303
Comment 3 j_pascoe@apple.com 2021-12-20 15:05:03 PST
Created attachment 447649
Patch
Comment 4 j_pascoe@apple.com 2021-12-20 15:07:29 PST
Created attachment 447650
Patch
Comment 5 j_pascoe@apple.com 2021-12-20 15:09:37 PST
Created attachment 447651
Patch
Comment 6 EWS 2021-12-21 08:10:24 PST
Committed r287315 (245467@main): <https://commits.webkit.org/245467@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 447651.
Comment 7 login Llama 2021-12-23 06:56:47 PST
I don't see this change in STP 137 yet.  

Let me know when I can retest.

Thanks
Comment 8 login Llama 2022-02-09 14:46:50 PST
Change tested and working in STP 140

Thanks