[Webkit-unassigned] [Bug 236698] New: [WebAuthN] Registration fails The operation can’t be completed.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 16 02:05:15 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=236698

            Bug ID: 236698
           Summary: [WebAuthN] Registration fails The operation can’t be
                    completed.
           Product: WebKit
           Version: Safari 15
          Hardware: Mac (Apple Silicon)
                OS: macOS 12
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zooms_vote_0t at icloud.com

As a registered user in http://admin.gandi.net , when registering a new security key for the account using TouchID WebAuthn in account security settings, the registration fails with error.

Reproduction:

 1. In account security settings, "Manage your security key authentication"

 2. In Register your security key: enter New token name: (I used "jessi TouchID", should not matter)

 3. Do you want to allow “gandi.net” to use Touch ID? Or you can use a security key. : Ok.

 4. Safari: "Safari" would like to use Touch ID for "gandi.net". Touch ID to allow this.

Actual behavior:

 5. Error dialog: "The operation can’t be completed.

Expected behavior:

 5. Successful registration.


The gandi.net WebAuthn registration works however on iOS (15.3.1) using FaceID.

I did some investigation using Inspector and obtained the parameters for publicKey

Object = $4
  O publickey: Object
    S attestation: "direct"
    >O challenge: Uint8Array [ ... ] (32)
    >O excludeCredentials: [Object, Object, Object] (3)
    >O extensions: {appidExclude: "https://account.gandi.net/api/u2f/trusted_facets.ison"]
    >O pubKeyCredparams: [ ... ]
    >O rp: {id: "gandi.net", name: "Gandi.net"}

https://twitter.com/joneskoo_yx/status/1492921076841603074?s=20


I can reproduce the error message if I go to https://webauthn.io and register selecting attestation: direct.

I believe the cause for the failure on Mac (but not iOS) may be that gandi sets in registration options: attestation: direct.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220216/bda8d5af/attachment.htm>

More information about the webkit-unassigned mailing list