Web Authentication - Support CTAP2 via USB HID
Categories
(Core :: DOM: Web Authentication, enhancement, P1)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox109 | --- | fixed |
People
(Reporter: jcj, Assigned: jschanck)
References
(Blocks 1 open bug)
Attachments
(4 files)
This requires implementation in authenticator-rs:
Upstream CTAP2 Issue: https://github.com/mozilla/authenticator-rs/issues/33
Upstream Branch: https://github.com/mozilla/authenticator-rs/tree/ctap2
This work will support CTAP2 on platforms that don't restrict access to security keys:
- 2018-era Windows 10 and all earlier versions of Windows
- Linux
- FreeBSD
- macOS (at least Mojave and earlier)
Comment 1•5 years ago
Can you warn the user that a U2F credential is going to be created on their FIDO2 device because Firefox doesn't support CTAP2 yet?
When using a FIDO2 device, credentials created on (Firefox, macOS) work on all combinations of (Chromium, Firefox) * (macOS, Windows 10) because I assume it creates a U2F credential.
However, credentials created on (Chromium, macOS * Windows 10) or (Firefox, Windows 10) do not work on (Firefox, macOS).
Comment 2•5 years ago (Reporter)
It's a good thought, I don't know how to message that effectively. The energy there should probably be spent on the CTAP2 code, if I'm honest with myself.
Comment 3•5 years ago
Just upgraded to macOS Catalina Beta 8 and U2F doesn't work any more in Firefox (or FIDO2 in any browser for that matter). Could the OS have blocked direct access to security keys? Will there be a platform API like Windows 10?
Comment 4•5 years ago
Correction: U2F doesn't work any more in Firefox or Chromium on U2F-only sites like Google. WebAuthn sites still work with FIDO2 tokens in Chromium.
Comment 5•5 years ago (Reporter)
I wasn't aware of any plans like this. Unfortunately I'm traveling and can't put together a Catalina beta box for testing.
Can you test with https://u2f.bin.coffee/ and let me know what make/model security keys you tried? We'll have to open a separate bug for that.
Comment 6•5 years ago (Reporter)
I've filed an upstream ticket with Apple about this.
Comment 7•5 years ago (Reporter)
I've heard that a Googler checking Chromium on Catalina Beta 8 with U2F tokens reports all is okay. Haven't checked Firefox yet, but perhaps it's your computer somehow?
Comment 8•5 years ago
(In reply to J.C. Jones [:jcj] (he/him) from comment #5)
> Can you test with https://u2f.bin.coffee/ and let me know what make/model security keys you tried? We'll have to open a separate bug for that.
I used a YubiKey 5Ci. When I click "U2F Register" the pop-up appears, but nothing happens when touching the YubiKey. It doesn't even light up.
Comment 12•4 years ago
Any update?
Comment 21•2 years ago (Assignee)
The audit of serde_cbor 0.11.1 was performed by R. Martinho Fernandes. I've
copied his audit statement from https://phabricator.services.mozilla.com/D149897.
Comment 22•2 years ago (bugherder)
Comment 23•2 years ago (Assignee)
I should have attached the certify audits to a different bug. The patch that landed is just a prerequisite for the main work in D129814.
Comment 25•2 years ago
Backed out for causing build bustages on cbindgen-metadata.json
- Backout link
- Push with failures
- Failure Log
- Failure line: gmake[3]: *** [backend.mk:115: config/.deps/cbindgen-metadata.json.stub] Error 101
Comment 26•2 years ago (Assignee)
msirringhaus needed to rebase the patch manually. He's done that, and I've confirmed that it builds now.
Comment 30•2 years ago (Assignee)
It's pref'd for nightly only at the moment. I'll request a relnote if we change that.
Comment 31•2 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/ca7c33dd3bd3
https://hg.mozilla.org/mozilla-central/rev/41701d785f98