[Webkit-unassigned] [Bug 232501] New: Authenticator is not falling back to clientPIN after internal verification fails and is blocked.
bugzilla-daemon at webkit.org
Fri Oct 29 11:32:10 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=232501
Bug ID: 232501
Summary: Authenticator is not falling back to clientPIN after
internal verification fails and is blocked.
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: loginllama at gmail.com
Thanks for fixing https://bugs.webkit.org/show_bug.cgi?id=213903
I tested that it works on OSX STP 134.
However in testing I discovered that Safari is not detecting that internal UV is blocked and falling back to getPinToken (CTAP2.0) or getPinUvAuthTokenUsingUvWithPermissions (CTAP2.1).
Safari should fall back when it receives the CTAP2.0 CTAP2_ERR_PIN_REQUIRED error and/or when the CTAP2.1 uvRetries <= 0.
That is the current behavior of Chrome and Windows.
I grant you that the CTAP2.0 spec is less clear on this point than one might hope.
CTAP2.1 https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html is clearer on how platforms should fall back to clientPin for CTAP2.0 authenticators than the CTAP2.0 spec was.
Regards
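
The fallback rule the report asks for, sketched as an added example (not WebKit's code and not part of the original report). The struct, function names and sample states are constructed for illustration; the check that a clientPin is set and the retry branch are assumptions.

```cpp
#include <cstdint>
#include <cstdio>

// Status codes as defined in the CTAP specification.
constexpr uint8_t kCtap2Ok = 0x00;
constexpr uint8_t kCtap2ErrPinRequired = 0x36;
constexpr uint8_t kCtap2ErrUvInvalid = 0x3F;  // used here as "UV attempt failed"

enum class NextStep { Done, RetryInternalUv, FallBackToClientPin, Fail };

// Constructed for this example: what the platform has learned so far.
struct AuthenticatorState {
    bool clientPinSet;   // authenticatorGetInfo options: clientPin == true
    bool hasUvRetries;   // false for a CTAP2.0 authenticator
    int uvRetries;       // meaningful only when hasUvRetries is true
};

// Internal UV counts as blocked on either signal named in the report.
bool internalUvBlocked(const AuthenticatorState& state, uint8_t status)
{
    if (status == kCtap2ErrPinRequired)
        return true;                                      // CTAP2.0 signal
    return state.hasUvRetries && state.uvRetries <= 0;    // CTAP2.1 signal
}

NextStep decideAfterInternalUv(const AuthenticatorState& state, uint8_t status)
{
    if (status == kCtap2Ok)
        return NextStep::Done;
    if (!internalUvBlocked(state, status))
        return NextStep::RetryInternalUv;  // assumption: attempts remain
    // Blocked: ask for the PIN if one is set, otherwise nothing is left to try.
    return state.clientPinSet ? NextStep::FallBackToClientPin : NextStep::Fail;
}

// Constructed sample states.
const AuthenticatorState kCtap20WithPin{true, false, 0};
const AuthenticatorState kCtap21Exhausted{true, true, 0};
const AuthenticatorState kCtap21RetriesLeft{true, true, 2};
const AuthenticatorState kCtap21NoPin{false, true, 0};

int main()
{
    auto step = decideAfterInternalUv(kCtap20WithPin, kCtap2ErrPinRequired);
    std::printf("CTAP2.0, PIN_REQUIRED -> %d\n", static_cast<int>(step));
    step = decideAfterInternalUv(kCtap21Exhausted, kCtap2ErrUvInvalid);
    std::printf("CTAP2.1, uvRetries 0  -> %d\n", static_cast<int>(step));
    return 0;
}
```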