-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Platform authenticators and key stores #851
Comments
The RP will indeed get an ambiguous For example, Google's current U2F login currently shows a prominent "Having trouble?" button while waiting for the user to use their U2F key. Clicking the button allows the user to retry or try a different login method, and timeout and failure also sends the user to this same view. I think this kind of approach is very applicable to WebAuthn as well, for both platform and roaming credentials. |
discussed on 2018-03-28 webauthn call: @christiaanbrand acks that they have been thinking about this -- thinks their current impl ignores the spec in this case... at least on Android, they know that a "key got wiped" and so can be smarter about it, but am not sure all platforms have that info available. @akshayku how do you know to fallback to the external authnrs in this case? @christiaanbrand: android knows that a key existed at one time. wonders whether we ought to introduce the attachment parm to the get() request (#getAssertion). this is not optimal soln because what if user is using different profiles/personas (?).... need to think about this. @akshayku: windows has system restore notion which wipes the entire machine and all knowledge goes away.... platformResident keys will disappear... @christiaanbrand: there's a bunch of subtleties to this and wishes to discuss this further |
Do we envision tweaking the API for this? In that case, perhaps it could be solved by adding a (non-signed) I think we also need to be careful with what kind of error to throw in that case. As we've discussed before, returning an error immediately could leak identifying information. On the other hand I think that showing an immediate browser popup informing the user, without immediately resolving the promise, shouldn't be an issue. |
related to issue #889 |
See also: PR #882 |
@akshayku suggested on the 2-May-18 call that we discuss this in the upcoming plenary. |
PR #882 essentially implements @emlun's suggestion above, yes? |
Yes - I forgot that we already have a |
@equalsJeffH Any update from @idamlaj |
@nadalin -- I believe the above #851 (comment) documents @akshayku saying that he Akshay will ask @idamlaj for clarification on whether he Ibrahim desires anything further to address his concerns. Note that PR #882 had the non-controversial/non-breaking addition of the |
on 11-Jul call, @idamlaj elaborated on the impetus for this issue and the need for an unambiguous signal. there was much detailed discussion -- see call minutes: https://www.w3.org/2018/07/11-webauthn-minutes.html, where @idamlaj (Ibrahim) begins talking. we decided to move this to level 2 at this time. PR #906 improves this, but does not wholly address it. |
* Provide transport information during registration. This change adds a `getTransports` method to `AuthenticatorAttestationResponse` that returns the `AuthenticatorTransport` used to perform a registration, as well as other transports that the user agent believes that the authenticator supports. Fixes #889 Fixes #851 See also #882 * Update in light of PR discussion. [ went ahead and merged due to no objections to doing so ]
Issue #420 (PR #708) details how a relying party who only wants platform authenticators can create authentication flows using the web authentication API:
This method works fine most of the time.
However, on some platforms, the key store holding the platform credential cred1 – or its decryption key, if it is a server-resident credential – may get wiped for a variety of reasons (e.g. last fingerprint removed, disabling / re-enabling screenlock, etc).
If we follow the WebAuthn specification as is, the following user flow will occur:
Is this a scenario that the working group cares about? If so, what are the recommendations to prevent the user experience described above?
The text was updated successfully, but these errors were encountered: