Skip to content
Browse files
[WebAuthn] Upgrading a legacy platform credential to a passkey does n…
…ot delete the legacy credential

Reviewed by Brent Fulgham.

* Source/WebKit/UIProcess/WebAuthentication/Cocoa/
(WebKit::LocalAuthenticator::deleteDuplicateCredential const):
Query credentials by user handle, regardless of sync status to properly remove
legacy credentials.

Canonical link:
git-svn-id: 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
pascoej committed Jun 17, 2022
1 parent 43ca250 commit 3af8fcbef175decc1fdb35973bcab6910c592bff
Showing 1 changed file with 4 additions and 5 deletions.
@@ -670,15 +670,14 @@ static inline uint8_t authDataFlags(ClientDataType type, LocalConnection::UserVe
if (memcmp(userHandle->data(),, userHandle->byteLength()))
return false;

auto query = adoptNS([[NSMutableDictionary alloc] init]);
[query setDictionary:@{
NSDictionary *query = @{
(id)kSecClass: (id)kSecClassKey,
(id)kSecAttrApplicationLabel: toNSData(credential->rawId()).get(),
(id)kSecAttrSynchronizable: (id)kSecAttrSynchronizableAny,
(id)kSecUseDataProtectionKeychain: @YES

OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query.get());
OSStatus status = SecItemDelete((__bridge CFDictionaryRef)query);
if (status && status != errSecItemNotFound)
LOG_ERROR(makeString("Couldn't delete older credential: "_s, status).utf8().data());
return true;

0 comments on commit 3af8fcb

Please sign in to comment.