Enable FIDO U2F API, and permit registrations for Google Accounts
Categories
(Core :: DOM: Web Authentication, enhancement, P1)
People
(Reporter: jcj, Assigned: jcj)
Details
(Keywords: feature)
Attachments
(1 file: (deleted), text/x-phabricator-request; pascalc: approval-mozilla-beta+)
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for Google Accounts" on dev-platform [0], this bug is to:
- Enable the security.webauth.u2f by default, to ride the trains
- Remove the aOp == U2FOperation::Sign check from EvaluateAppID in WebAuthnUtil.cpp, permitting the Google override to work for Register as well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject to the algorithm limitations discussed in the section "Thorny issues in enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Comment 1 • 6 years ago (Assignee)
Per the thread "Intent-to-Ship: Backward-Compatibility FIDO U2F support for
Google Accounts" on dev-platform [0], this bug is to:
- Enable the security.webauth.u2f by default, to ride the trains
- Remove the aOp == U2FOperation::Sign check from EvaluateAppID in
  WebAuthnUtil.cpp, permitting the Google override to work for Register as
  well as Sign.
This would enable Firefox users to use FIDO U2F API on most all sites, subject
to the algorithm limitations discussed in the section "Thorny issues in
enabling our FIDO U2F API implementation" of that post.
[0] https://groups.google.com/d/msg/mozilla.dev.platform/q5cj38hGTEA/lC834665BQAJ
Comment 2 • 6 years ago (Assignee)
[Tracking Requested - why for this release]:
I'd like this to be considered for Beta 67 uplift:
- This is enabling an already-well-used behind-pref feature.
- The sooner we enable the feature, the faster Google Accounts can turn this functionality on for Firefox users.
My intention is to land this in Nightly as soon as review is complete, and with luck, request uplift on Monday.
Comment 4 • 6 years ago (bugherder)
Comment 5 • 6 years ago (Assignee)
Comment on attachment 9054217 [details]
Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts
Beta/Release Uplift Approval Request
- Feature/Bug causing the regression: n/a
- User impact if declined: Delay in providing security key registration support for Google Accounts (to 68)
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce: (It's just a pref flip, and Google has checked it)
- List of other uplifts needed: n/a
- Risk to taking this patch: Medium
- Why is the change risky/not risky? (and alternatives if risky): FIDO U2F API has been used by a power user audience via pref-flip since 57 without issues. The Google Accounts piece is a simple if-condition change. Since it's shipping a feature, it's probably at least a "medium" risk rather than low, but otherwise I'd be tempted to call it "low".
- String changes made/needed: None
Comment 6 • 6 years ago
Comment on attachment 9054217 [details]
Bug 1539541 - Enable FIDO U2F API, and permit registrations for Google Accounts
Uplift approved for 67 beta 9, thanks.
Comment 7 • 6 years ago (bugherder uplift)
Comment 8 • 6 years ago
Added to 67 beta release notes with this wording:
Enable FIDO U2F API, and permit registrations for Google Accounts
(We may want a more consumer-friendly wording for the final release)
Is this something you're aiming to get into ESR 60.7? I notice it is mentioned on the ESR trello board.
I think J.C.'s back today, so I'll ask him.
Comment 11 • 6 years ago (Assignee)
I don't think it's important enough to uplift into 60.7; I think it's okay to wait for ESR 68.0.
Comment 12 • 5 years ago
This does not fix registration for Google Accounts in 67 Stable, as Google says "this browser is not supported please try in Chrome."
This needs to be fixed on their end.
Comment 13 • 5 years ago (Assignee)
Thanks. I'll remind Google. :)
Comment 14 • 5 years ago
Using the latest Firefox mobile, I am not able to sign in to Google using a YubiKey. It seems Google doesn't like Firefox mobile.
Comment 15 • 5 years ago (Assignee)
Riccardo, I'm seeing the same behavior. I've reached out to the Google Accounts team over email to see what the deal is. Thanks!