Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add feature detection blurb... #1208

Closed
equalsJeffH opened this issue May 6, 2019 · 5 comments
Closed

add feature detection blurb... #1208

equalsJeffH opened this issue May 6, 2019 · 5 comments
Assignees
@timcappalli
Labels
@Risk Items that are at risk for L3 type:editorial
Milestone
L3-WD-01

Comments

@equalsJeffH
Copy link
Contributor

..pointing back to credman's section 7.1. Website Authors, which briefly & explicitly explains that trying to use if (!navigator.credentials) ... is suboptimal for feature detection, rather if (!window.PublicKeyCredential) ... ought be used. [the examples in webauthn already use the latter as feature detection, so they are already good]
@equalsJeffH equalsJeffH added this to the L2-WD-02 milestone May 6, 2019
@lgarron
Copy link
Contributor

lgarron commented Aug 21, 2019
edited

In webauthn-json (which is the library we're using in the GitHub codebase itself), we're using this:

export function supported(): boolean {
  return !!(navigator.credentials && navigator.credentials.create && navigator.credentials.get && window.PublicKeyCredential);
}

(https://github.com/github/webauthn-json/blob/61dfd2b004316f5ebc096dfd2ac0576318bfdee7/src/webauthn.ts#L28-L30)

Is that still the "recommended" way to detect support for security key operations?

@equalsJeffH
Copy link
Contributor Author

technically, according to credman's section 7.1. Website Authors, one only needs to check for window.<necessary-credential-type>, however I'm not a JS & client-side-dev expert. AFAIK, a user agent would need to implement all the things you're checking for in order to support "just" PublicKeyCredential so your thorough check ought to work correctly across various partial impls of crendential management?

@lgarron
Copy link
Contributor

lgarron commented Aug 21, 2019

Yeah, we had some issues with https://github.com/brave/brave-ios when we were trying to detect features we thought were needed for WebAuthn compat. Testing the recommended value + the functions that we'll need to call seemed like the best way to check that things will work as expected.

@nadalin nadalin modified the milestones: L2-WD-02, L2-WD-03 Oct 30, 2019
@equalsJeffH
Copy link
Contributor Author

i think this can be addressed in a milestone later than wd-03

@equalsJeffH equalsJeffH added the stat:puntable Issue or PR that is candidate to move to a later milestone label Jul 1, 2020
@nadalin nadalin removed the stat:puntable Issue or PR that is candidate to move to a later milestone label Jul 21, 2020
@equalsJeffH equalsJeffH added the stat:puntable Issue or PR that is candidate to move to a later milestone label Oct 13, 2020
@equalsJeffH equalsJeffH modified the milestones: L2-WD-04 Final, L2-CR Nov 11, 2020
@equalsJeffH equalsJeffH modified the milestones: L2-CR, L3-WD-01 Jan 20, 2021
@equalsJeffH equalsJeffH removed stat:puntable Issue or PR that is candidate to move to a later milestone priority:low labels Jan 20, 2021
@nadalin nadalin added the @Risk Items that are at risk for L3 label Jun 27, 2023
@timcappalli
Copy link
Member

being addressed by #1923

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timcappalli timcappalli

Labels
@Risk Items that are at risk for L3 type:editorial
Projects
None yet
Milestone
L3-WD-01
Development

No branches or pull requests
4 participants
@equalsJeffH @lgarron @timcappalli @nadalin