Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: ddef090f6b4d8984da6b8081120d40bf6e1a277e
https://github.com/WebKit/WebKit/commit/ddef090f6b4d8984da6b8081120d40bf6e1a277e
Author: Pascoe <[email protected]>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https.html
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
M Tools/TestWebKitAPI/Tests/WebKitCocoa/web-authentication-get-assertion-nfc.html
Log Message:
-----------
[WebAuthn] Do not request user presence before U2F fallback
rdar://159976632
https://bugs.webkit.org/show_bug.cgi?id=300839
Reviewed by Brent Fulgham.
When authenticating with a security key supporting both CTAP2 and U2F, WebKit
would unnecessarily require two user taps and perform inefficient credential
checking. After CTAP2 silent credential checks failed, WebKit sent a CTAP2
request with user presence (first tap), received an error, then downgraded to
U2F (second tap). This patch skips the wasteful CTAP2 request and downgrades
immediately when silent checks indicate no credentials exist, reducing taps
from 2 to 1.
The batching logic incorrectly required both maxCredentialIDLength and
maxCredentialCountInList from getInfo to enable batching. The fix checks
for maxCredentialCountInList alone, enabling proper batching if
maxCredentialIDLength is missing.
Added layout tests to exercise this behavior.
* LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/public-key-credential-get-success-u2f.https.html:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::getAssertion):
(WebKit::CtapAuthenticator::canDowngradeToU2f const):
(WebKit::CtapAuthenticator::tryDowngrade):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Canonical link: https://commits.webkit.org/301723@main
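
An added illustration of the two behaviours the log message describes, not code from the WebKit commit: a simplified C++ model that counts silent probes and user taps before and after the change. GetInfoLimits, Outcome, canBatch and the patched flag are hypothetical names, and the one-credential-per-request fallback when batching is off is an assumption.

```cpp
#include <algorithm>
#include <cstddef>
#include <optional>
#include <set>
#include <string>
#include <vector>

// Hypothetical model types, not WebKit's code: the two getInfo limits named in the log message.
struct GetInfoLimits {
    std::optional<std::size_t> maxCredentialCountInList;
    std::optional<std::size_t> maxCredentialIDLength;
};

struct Outcome {
    std::size_t silentRequests; // CTAP2 probes sent without user presence
    std::size_t userTaps;       // requests that make the user touch the key
    bool usedU2f;
};

// Before: batching needed both limits. After: maxCredentialCountInList alone.
bool canBatch(const GetInfoLimits& info, bool patched) {
    if (patched)
        return info.maxCredentialCountInList.has_value();
    return info.maxCredentialCountInList && info.maxCredentialIDLength;
}

// Models one getAssertion on a key that speaks both CTAP2 and U2F.
// ctap2Creds: credential IDs the key holds as CTAP2 credentials (constructed sample data).
Outcome getAssertion(const GetInfoLimits& info, const std::vector<std::string>& allowList, const std::set<std::string>& ctap2Creds, bool patched) {
    // Assumption: without batching, each credential is probed in its own request.
    std::size_t batch = canBatch(info, patched) ? std::max<std::size_t>(1, *info.maxCredentialCountInList) : 1;
    Outcome out { 0, 0, false };
    bool found = false;
    for (std::size_t i = 0; i < allowList.size() && !found; i += batch) {
        ++out.silentRequests;
        std::size_t end = std::min(allowList.size(), i + batch);
        for (std::size_t j = i; j < end; ++j)
            found = found || ctap2Creds.count(allowList[j]) > 0;
    }
    if (found) {
        out.userTaps = 1; // CTAP2 request with user presence succeeds
        return out;
    }
    if (!patched)
        ++out.userTaps; // old flow: CTAP2 request with user presence, answered with an error
    ++out.userTaps;     // U2F request, which needs a tap of its own
    out.usedU2f = true;
    return out;
}
```

With a five-entry allow list, a key that reports only maxCredentialCountInList = 3, and no matching CTAP2 credential, the model gives 5 silent requests and 2 taps for the old flow against 2 silent requests and 1 tap for the patched one.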