[webkit-changes] [WebKit/WebKit] a6664c: [WebAuthn] Give back user gesture freebie after su...

J Pascoe noreply at github.com
Thu Dec 15 10:49:30 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a6664c87fe8f76c799e342e496d18e852134d751
      https://github.com/WebKit/WebKit/commit/a6664c87fe8f76c799e342e496d18e852134d751
  Author: J Pascoe <j_pascoe at apple.com>
  Date:   2022-12-15 (Thu, 15 Dec 2022)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/ctap-hid-success.https-expected.txt
    M LayoutTests/http/wpt/webauthn/idl.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-ccid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-local.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-nfc.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-u2f.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-local.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-nfc.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https-expected.txt
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h

  Log Message:
  -----------
  [WebAuthn] Give back user gesture freebie after successful assertion/registration
https://bugs.webkit.org/show_bug.cgi?id=244990
<rdar://99535178>

Reviewed by Brent Fulgham.

Some SPA-based applications' user gestures don't register, causing headaches with WebAuthn
flows. Here we partially mitigate that issue by restoring the user gesture freebie upon a
successful registration/assertion. This does not make it possible for an RP to spam
WebAuthn calls as the freebie is only restored after the user provided consent for the previous
operation.

* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp:
(WebCore::AuthenticatorCoordinator::create):
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource):
(WebCore::AuthenticatorCoordinator::create const): Deleted.
(WebCore::AuthenticatorCoordinator::discoverFromExternalSource const): Deleted.
* Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.h:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(TestWebKitAPI::TEST):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-make-credential-la-no-mock.html:

Canonical link: https://commits.webkit.org/257940@main
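
The anti-spam argument in the log message, as an added example; this is a model written for illustration, not code from the WebKit commit. It assumes the freebie is a single gesture-less call, and GestureGate, Outcome and promptsShown are hypothetical names.

```cpp
#include <cstdio>

// Hypothetical model, not WebKit's AuthenticatorCoordinator; all names are assumptions.
enum class Outcome { UserConsented, UserDeclined };

class GestureGate {
public:
    // Decide whether a create()/get() call may proceed to a prompt.
    bool admit(bool hasUserGesture)
    {
        if (hasUserGesture)
            return true;
        if (!m_freebieAvailable)
            return false; // no gesture, freebie already spent
        m_freebieAvailable = false; // spend the one gesture-less call
        return true;
    }

    // Only a user-approved operation gives the freebie back.
    void finish(Outcome outcome)
    {
        if (outcome == Outcome::UserConsented)
            m_freebieAvailable = true;
    }

private:
    bool m_freebieAvailable { true };
};

// An RP issues `calls` gesture-less requests and the user always answers with
// `response`. Returns how many prompts the user actually saw.
int promptsShown(int calls, Outcome response)
{
    GestureGate gate;
    int shown = 0;
    for (int i = 0; i < calls; ++i) {
        if (!gate.admit(false))
            continue;
        ++shown;
        gate.finish(response);
    }
    return shown;
}

int main()
{
    std::printf("declined: %d, consented: %d\n",
        promptsShown(5, Outcome::UserDeclined), promptsShown(5, Outcome::UserConsented));
    return 0;
}
```

A user who declines sees one prompt no matter how many gesture-less calls follow; further prompts appear only while the user keeps approving them.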



