[Webkit-unassigned] [Bug 248863] New: WebAuthn conditional UI in clamshell mode does not honour UV required on repeated assertions
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 7 02:52:42 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=248863
Bug ID: 248863
Summary: WebAuthn conditional UI in clamshell mode does not
honour UV required on repeated assertions
Product: WebKit
Version: Safari Technology Preview
Hardware: Mac (Intel)
OS: macOS 12
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: eirbjo at gmail.com
Bug 244164 fixed an issue where conditional UI assertions did not set the UV flag.
Using Safari Technology Preview Release 159 (Safari 16.4, WebKit 17615.1.12.130.1), it seems the problem still manifests under the following conditions:
1: The computer is in clamshell mode (such that the TouchID sensor is unavailable)
2: The conditional UI assertion is the second (or later) assertion in the browser session.
This makes it impossible for users in clamshell mode to perform reauthentication, switch user into other user accounts, etc.
Steps to verify:
1: Use a laptop Mac in clamshell mode
2: Perform a successful conditional UI assertion by providing the account passord as a fallback for TouchID. The assertion has the UV flag set
3: Log out of the application and initiate a second conditional UI assertion
4: Observe that an assertion is performed, without user interaction, and that the UV flag is not set
Notice that the non-conditional UI flow seems to work as expected, also in clamshell mode.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221207/b74830c4/attachment.htm>
More information about the webkit-unassigned
mailing list