Use distinct prompts during Windows WebAuthn registration #30195
FYI @tobiaszheller.
A few tests on Windows:
Took me a while to figure out I had to cancel the initial Hello PIN prompt to get it to prompt my Yubikey, but hey it works. (Nothing we can do about that either.)
c5bad6b to 276276f
lgtm, there is one more issue related to prompt messages on windows: #25051
276276f to 2d987d3
@codingllama See the table below for backport results.
Clearly distinguish between "registered" and "new" devices on Windows "platform" prompts. This is relevant for Windows because it uses the system APIs for both Hello and WebAuthn devices.
I've decided against doing a similar change for Touch ID, as there isn't much to confuse there (`lib/auth/touchid` doesn't prompt devices other than Touch ID).
Changing the globals is safe because only one WebAuthn prompt happens at a time.
#17563
Changelog: Explicitly mention registered and new device when running `tsh mfa add` on Windows