[Webkit-unassigned] [Bug 248863] New: WebAuthn conditional UI in clamshell mode does not honour UV required on repeated assertions

Wed Dec 7 02:52:42 PST 2022

https://bugs.webkit.org/show_bug.cgi?id=248863

            Bug ID: 248863
           Summary: WebAuthn conditional UI in clamshell mode does not
                    honour UV required on repeated assertions
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Mac (Intel)
                OS: macOS 12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: eirbjo at gmail.com

Bug 244164 fixed an issue where conditional UI assertions did not set the UV flag.

Using Safari Technology Preview Release 159 (Safari 16.4, WebKit 17615.1.12.130.1), it seems the problem still manifests under the following conditions:

1: The computer is in clamshell mode (such that the TouchID sensor is unavailable)
2: The conditional UI assertion is the second (or later) assertion in the browser session.

This makes it impossible for users in clamshell mode to perform reauthentication, switch user into other user accounts, etc.

Steps to verify:

1: Use a laptop Mac in clamshell mode
2: Perform a successful conditional UI assertion by providing the account passord as a fallback for TouchID. The assertion has the UV flag set 
3: Log out of the application and initiate a second conditional UI assertion
4: Observe that an assertion is performed, without user interaction, and that the UV flag is not set

Notice that the non-conditional UI flow seems to work as expected, also in clamshell mode.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221207/b74830c4/attachment.htm>