Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.

WebAuthn: no prompt during assertion when userPresence is explicitly to required or preferred #1585

Closed
MaximeNdutiye opened this issue Sep 26, 2019 · 1 comment
Closed

WebAuthn: no prompt during assertion when userPresence is explicitly to required or preferred #1585

MaximeNdutiye opened this issue Sep 26, 2019 · 1 comment
Assignees
@Brandon-T
Labels
bug Epic: WebAuthn QA/Yes release-notes/exclude
Milestone
WebAuthn

Comments

@MaximeNdutiye
Copy link

Description:

Whenever PublicKeyCredentialRequestOptions.userVerification is explicitly set to "preferred" or "required" Brave behaves as though userVerification="discouraged".

The behaviour is out of spec and always results in the browser not prompting the user to touch their authenticator.

Steps to Reproduce

  1. perform a create request

  2. perform a get request with userVerification="preferred" or userVerification="required"

Actual result:

There is no prompt for the user to interact with their authenticator.
The returned authenticatorData doesn't have the user presence (UP) flag set.

Expected result:

The user should be prompted to touch their authenticator when userPresence=true and the user presence flag in authenticatorData should be set.

Reproduces how often:

Consistently reproducible.

Brave Version:

Version 1.12 (19.09.13.06)
Device iPhone11,2 (iOS 13.1)
@MaximeNdutiye
Copy link
Author

Thanks to @eparkko-lab for the debugger 😄

@Brandon-T Brandon-T mentioned this issue Oct 7, 2019
Merged
7 tasks
@Brandon-T Brandon-T self-assigned this Oct 7, 2019
@srirambv srirambv added this to the WebAuthn milestone Oct 8, 2019
@iccub iccub closed this as completed in 6f88b1d Oct 18, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@Brandon-T Brandon-T

Labels
bug Epic: WebAuthn QA/Yes release-notes/exclude
Projects
None yet
Milestone
WebAuthn
Development

No branches or pull requests
4 participants
@Brandon-T @iccub @MaximeNdutiye @srirambv