Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e140358f974609f057d7f90454aa10d75cdc9629
https://github.com/WebKit/WebKit/commit/e140358f974609f057d7f90454aa10d75cdc9629
Author: Pascoe <[email protected]>
Date: 2026-01-27 (Tue, 27 Jan 2026)
Changed paths:
M Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp
M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
M
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.h
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.mm
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.h
M Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.mm
M Source/WebKit/UIProcess/WebAuthentication/Mock/MockCcidService.mm
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm
Log Message:
-----------
WebAuthn Authentication over NFC is broken in Safari Technology Preview 234
(SEED)
rdar://168456474
https://bugs.webkit.org/show_bug.cgi?id=306279
Reviewed by Brent Fulgham.
This patch makes a few changes to make CCID authenticators behave better.
1. Some newer authenticators have inconsistent behavior whenever we start a
session
per-message. This change moves us to maintaining a session with a smart card
until
invalidated and queuing messages as-needed.
2. We do not handle the kCtap2ErrUserPresenceRequired, which the authenticator
returns when it was left on an NFC reader for too long. We were looping on this
terminal error until we encountered the next issue fixed.
3. At one point we stopped handling the kCtap2ErrPinAuthBlocked error properly.
This
error can be delievered before pin entry is attempted for an already locked
authenticator and this error gets returned whenever the platform ignores
kCtap2ErrUserPresenceRequired.
This also required an internal change in rdar://168804001.
* Source/WebCore/Modules/webauthn/fido/FidoConstants.cpp:
(fido::isCtapDeviceResponseCode):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
*
Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticatorPresenterCoordinator.mm:
(WebKit::AuthenticatorPresenterCoordinator::updatePresenter):
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidConnection.mm:
(-[WKSmartCardObserver initWithCard:invalidationHandler:]):
(-[WKSmartCardObserver dealloc]):
(-[WKSmartCardObserver observeValueForKeyPath:ofObject:change:context:]):
(WebKit::CcidConnection::create):
(WebKit::CcidConnection::CcidConnection):
(WebKit::CcidConnection::~CcidConnection):
(WebKit::CcidConnection::detectContactless):
(WebKit::CcidConnection::transact):
(WebKit::CcidConnection::processPendingRequests):
(WebKit::CcidConnection::stop):
(WebKit::CcidConnection::startPolling):
(WebKit::CcidConnection::transact const): Deleted.
(WebKit::CcidConnection::stop const): Deleted.
(WebKit::CcidConnection::restartPolling): Deleted.
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.h:
* Source/WebKit/UIProcess/WebAuthentication/Cocoa/CcidService.mm:
(WebKit::CcidService::~CcidService):
(WebKit::CcidService::platformStartDiscovery):
(WebKit::CcidService::onValidCard):
(WebKit::CcidService::onCardRemoved):
(-[_WKSmartCardSlotStateObserver
observeValueForKeyPath:ofObject:change:context:]):
* Source/WebKit/UIProcess/WebAuthentication/Mock/MockCcidService.mm:
(WebKit::MockCcidService::platformStartDiscovery):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::continueSilentlyCheckCredentials):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterResponseReceived):
(WebKit::CtapAuthenticator::continueGetAssertionAfterResponseReceived):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/_WKWebAuthenticationPanel.mm:
(TestWebKitAPI::TEST(WebAuthenticationPanel,
MakeCredentialPinAuthBlockedError)):
(TestWebKitAPI::TEST(WebAuthenticationPanel, GetAssertionPinAuthBlockedError)):
Canonical link: https://commits.webkit.org/306280@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
