[Bug]: WebAuthn Discoverable Credential (Resident Credential) #33353
Comments
ks75vl
changed the title
…33353 Enables support for Webauthn discoverable credentials (aka resident credentials). This allows users to authenticate without first having to select or type a username. To decide if discoverable credentials are supported, the class 'AuthenticatorCommon', in the chrome content code, indirectly calls the method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'. The default implementation of this returns false, leaving it up to specific implementations to override. This change adds a new class 'ElectronWebAuthenticationDelegate' to subclass 'WebAuthenticationDelegate' and override the behaviour of the 'SupportsResidentKeys' method to return true. The implementation is copied from the Chrome browser equivalent 'ChromeWebAuthenticationDelegate', though the chrome class includes other methods that don't seem to be required for this functionality. The 'ElectronContentClient' class was also updated to store an instance of 'ElectronWebAuthenticationDelegate', and to provide an accessor method, GetWebAuthenticationDelegate().
|
Support for discoverable credentials with physical authenticators is disabled by default in chromium. |
* fix: WebAuthn Discoverable Credential (Resident Credential) #33353 Enables support for Webauthn discoverable credentials (aka resident credentials). This allows users to authenticate without first having to select or type a username. To decide if discoverable credentials are supported, the class 'AuthenticatorCommon', in the chrome content code, indirectly calls the method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'. The default implementation of this returns false, leaving it up to specific implementations to override. This change adds a new class 'ElectronWebAuthenticationDelegate' to subclass 'WebAuthenticationDelegate' and override the behaviour of the 'SupportsResidentKeys' method to return true. The implementation is copied from the Chrome browser equivalent 'ChromeWebAuthenticationDelegate', though the chrome class includes other methods that don't seem to be required for this functionality. The 'ElectronContentClient' class was also updated to store an instance of 'ElectronWebAuthenticationDelegate', and to provide an accessor method, GetWebAuthenticationDelegate(). * Remove redundant, commented-out code * style: comment cleanup * style: updated comments and formatting based on pull request review * style: fix lint error on header guard clause
|
@ks75vl PR #35374 is now merged, so you may want to retest. |
ckerr
added
17-x-y
has-repro-gist
|
I'm assuming this feature has been introduced in
If |
|
This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment! |
|
This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a supported version of Electron please open a new issue and include instructions for reproducing the issue. |
…#35374) * fix: WebAuthn Discoverable Credential (Resident Credential) electron#33353 Enables support for Webauthn discoverable credentials (aka resident credentials). This allows users to authenticate without first having to select or type a username. To decide if discoverable credentials are supported, the class 'AuthenticatorCommon', in the chrome content code, indirectly calls the method 'context::WebAuthenticationDelegate.SupportsResidentKeys(..)'. The default implementation of this returns false, leaving it up to specific implementations to override. This change adds a new class 'ElectronWebAuthenticationDelegate' to subclass 'WebAuthenticationDelegate' and override the behaviour of the 'SupportsResidentKeys' method to return true. The implementation is copied from the Chrome browser equivalent 'ChromeWebAuthenticationDelegate', though the chrome class includes other methods that don't seem to be required for this functionality. The 'ElectronContentClient' class was also updated to store an instance of 'ElectronWebAuthenticationDelegate', and to provide an accessor method, GetWebAuthenticationDelegate(). * Remove redundant, commented-out code * style: comment cleanup * style: updated comments and formatting based on pull request review * style: fix lint error on header guard clause
Preflight Checklist
Electron Version
17.1.2
What operating system are you using?
Windows
Operating System Version
Windows 11 version 22H2
What arch are you using?
x64
Last Known Working Electron version
No response
Expected Behavior
After call
navigation.credential.get()with the appropriate parameters for getting resident credential from security key. Built-in Windows FIDO2 client should popup to guide the user to complete the request.Actual Behavior
An error was thrown:
NotSupportedError: Resident credentials or empty 'allowCredentials' lists are not supported at this time.Testcase Gist URL
https://gist.github.com/ks75vl/f6c49785a28f361c342ee60a56c2be38
Additional Information
#33271
The text was updated successfully, but these errors were encountered: