[Webkit-unassigned] [Bug 213903] [WebAuthn] authenticators supporting internal uv and pinToken defaulting to client pin

bugzilla-daemon at webkit.org
Fri Sep 18 17:11:19 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=213903

--- Comment #6 from Jiewen Tan <jiewen_tan at apple.com> ---
(In reply to login Llama from comment #1)
> iOS 14 performs client PIN authentication with any authenticator advertising
> clientPin=True in authenticatorGetInfo.  Most authenticators that support
> internal uv also support pinToken.
> 
> For authenticators that have both clientPin=True and uv=true in CTAP2.0
> (Logic changes in CTAP2.1) if uv is required, the platform should first do
> authenticatorGetCredential with the uv option set to 1.
> 
> The authenticator will return an assertion or an error.
> CTAP2_ERR_OPERATION_DENIED 0x27  returned if the authenticator doesn't want
> pin fallback.
> CTAP2_ERR_PIN_REQUIRED 0x35 returned if uv mismatch wanting a fallback to
> clientPin
> 
> If the error is CTAP2_ERR_PIN_REQUIRED then the platform should then do:
> authenticatorClientPIN (0x06) getKeyAgreement
> authenticatorClientPIN (0x06) getPINToken
> 
> Then retry authenticatorGetCredential with pinAuth.

Couldn't find the exact text corresponding to the description here in the current CTAP 2.1 spec. @John, could you point me to it?

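The command ordering proposed in the quoted comment #1, as an added example (not WebKit code, not part of either comment, and not text from the CTAP specification). The authenticator is simulated, every class and function name is hypothetical, status codes are symbolic only, and the PIN key agreement and encryption are not modelled.

```python
# Added illustration: simulated authenticator, hypothetical names throughout.
from enum import Enum

class Status(Enum):
    OK = "CTAP2_OK"
    OPERATION_DENIED = "CTAP2_ERR_OPERATION_DENIED"
    PIN_REQUIRED = "CTAP2_ERR_PIN_REQUIRED"

class SimAuthenticator:
    """Constructed stand-in for a device advertising clientPin=true and uv=true."""
    def __init__(self, uv_result):
        self.uv_result = uv_result      # status the built-in UV attempt ends with
        self.log = []                   # commands received, in order

    def get_credential(self, uv=False, pin_auth=None):
        self.log.append("getCredential(uv)" if uv else "getCredential(pinAuth)")
        if uv:
            return self.uv_result
        ok = pin_auth == "pinAuth(simulated-token)"
        return Status.OK if ok else Status.PIN_REQUIRED

    def client_pin(self, subcommand):
        self.log.append("clientPIN:" + subcommand)
        replies = {"getKeyAgreement": "simulated-key",
                   "getPINToken": "simulated-token"}
        return replies[subcommand]

def authenticate(dev, ask_pin):
    """Platform side: built-in UV first, client PIN only if the device asks."""
    status = dev.get_credential(uv=True)
    if status is not Status.PIN_REQUIRED:
        return status                   # assertion or OPERATION_DENIED: no PIN prompt
    dev.client_pin("getKeyAgreement")
    ask_pin()                           # the user sees a PIN prompt only on this path
    token = dev.client_pin("getPINToken")
    return dev.get_credential(pin_auth=f"pinAuth({token})")

def run(uv_result):
    """Return (final status, command log, number of PIN prompts shown)."""
    prompts = []
    dev = SimAuthenticator(uv_result)
    status = authenticate(dev, lambda: prompts.append("PIN"))
    return status, dev.log, len(prompts)

if __name__ == "__main__":
    for outcome in Status:
        print(outcome.name, run(outcome))
```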