README.md: Firefox no longer needs an extension #69
Comments
Correct, I'm aware of that and even have been using it for two months without any issues. But it's still not available for everyone. As soon as it is, I'd be happy to remove the warning! |
@ChristophWurst |
No, because they won't get an official U2F support in FF I suppose. AFAIK U2F is included in FF57, but it's not enabled by default. It's just a beta feature. Is that correct? |
It's not enabled by default, but why does that make it a beta feature? |
I don't really care whether it's beta or not. As soon as it's enabled for all by default, the warning will be removed. Nothing is preventing you from using it already. |
@ChristophWurst Of what relevance is:-
|
Can imagine the reservation on the topic. It'd probably work with the extension as well (for existing users), but the clear direction of the firefox project is to use native capability. I haven't dug into differences in the implementaiotn between extension and built-in but as of 57 buiilt-in should be preferred over the extension for new users. |
This is now referred to in the ChangeLog of v1.5.0 😄 With Firefox 57 and later, enable Note: Submitted using my Yubikey to login to GitHub 👿 |
Good point. Wanna fix it and submit a pull request? That would be highly appreciated! |
With the release of Firefox 60, U2F is |
I'm on FF60 and |
@ChristophWurst You're right! I checked it and updated my earlier comment. |
What a bummer! Let me know when it's enabled by default so that we can finally remove that warning! |
Still disabled by default (FF61) 😢 |
As far as I understand support for the U2F standard is only partially implemented in Firefox, and probably for that reason disabled by default. Now that the new Webauthn standard is fully supported by Firefox (and enabled by default) I do not expect further development of the legacy U2F standard and it will likely remain disabled forever. |
The last time I checked the information about webauthn wasn't 100% clear on how the technology works and how it would be implemented in a real-world application. If you happen to know more about it, please let me know. |
I did not yet have a look into the specifics of Webauthn. I understand it is an extension of U2F (which is 2 factor only) with specifications for passwordless as well as multifactor support. So the logical development seems to be to upgrade the current U2F to Webauthn 2-factor (which should be backwards compatible with U2F hardware). |
I can confirm that my YubiKey U2F from 2015 works in firefox 62. Webauthn works by default without changes to
Source code to both demo pages is linked from the MDN article about WebAuthn, which is how I found the two working demos. I'd happily test this with the twofactor u2f app, but NC 13 won't even let me try (tells me that Chrome was the only browser supported) and NC 14 won't let me install the app, and I currently don't have enough time to go beyond "install from app directory". |
Yes, but does this app work out of the box? We still use the u2f lib/api.
That shouldn't be a problem, there are compatible releases: https://apps.nextcloud.com/apps/twofactor_u2f. You cannot use the latest one, though. |
I managed to install it to NC 14 now, and it currently does not work in unmodified Firefox. But as shown above it could be made to work already. Should I create a separate issue for that? |
As soon as there is good documentation of webauthn and how developers can make use of it in their apps, I'll look into this. Last time I checked there were just a few high-level posts about the feature. |
https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API |
Thanks! |
according to my about:config u2f is now enabled by default. Would anyone like to shoot a PR so this gets finally updated? :) |
As of Firefox 57, U2F support is built-in.
Some users may need to use
about:config
and enablesecurity.webauth.u2f
The text was updated successfully, but these errors were encountered: