-
Notifications
You must be signed in to change notification settings - Fork 441
Can't Authenticate to Microsoft Accounts using a Security Key on iOS using WebAuthn #1584
Comments
We are not receiving the error:
It does work on Desktop though :S Also fails to register:
Well.. I checked everything. Responses, Requests, everything.. Only thing I can think of is a bug in the SDK. |
Edge has a default of asking for PIN if it is unspecified and the authenticator has one set. The authenticator would only send back PinRequired for a make credential if a pin is set. I do note in one test I did on a key with no pin set and sending UV required from the RP it didn't prompt me to set a pin. That may be a surprise to some RP. For getting a credential with pin set, no allow list and UV set to preferred/required I am seeing a UP bit not set error in the browser. That is with Brave 1.11.4 I just noticed that there is a new version I will give that a try. |
1.12.1 has the same error with UP not being set. If Microsoft were properly setting UV then we would see that error. With Brave having a different default for UV being undefined Microsoft gets back an assertion that has UV=0 and giving an error. Credprotect also now needs to be considered. Pre credprotect browsers have been doing UV=0, UP=0 to see if the authenticator has credentials of interest. Then getting the pin and asking for the credential. Now with Google Chrome setting credprotect level 2 by default, browsers need to ask for the PIN before looking for credentials especially when there is no allow list. Otherwise, the authenticator will hide the credentials if you try and do a get with no UV or Pintoken. Currently, windows is broken finding credentials if they are created in Chrome on OSX because of this. The behavior is fixed in Win 20H1, and I am arguing that it deserves a backport. |
Closing as we've deprecated the |
Description:
Authentication against Microsoft Accounts fails when authenticating with a security key (I used the YubiKey 5Ci). Key prompt is being displayed, but PIN is not prompted for and authentication fails. Microsoft is using WebAuthn to enable the authentication flow.
Steps to Reproduce
On a desktop or laptop:
On an iPhone:
Actual result:
Authentication fails. :(
Expected result:
User should be prompted for PIN and to authenticate successfully.
Reproduces how often: [Easily reproduced, Intermittent Issue]
Easily reproduced
Brave Version:
v. 1.11.4 (19.08.29.21)
Device details:
iPhone 8 v. 12.4.1
iPhone XS v. 12.3.1
Website problems only:
Using WebAuthn - not supported in Safari or Firefox on iOS
Additional Information
The text was updated successfully, but these errors were encountered: