| Summary: | [WebAuthn] Client PIN flow does not indicate that a final authenticator touch is needed | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | eirbjo |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Normal | CC: | jiewen_tan, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
|
Description
eirbjo
2020-06-26 02:46:31 PDT
(In reply to eirbjo from comment #0) > Congratulations with the new Client PIN support in Safari! > > When testing this with Safari Technology Preview 109, I noticed that the > client PIN flow ends without any indication to the user that a final > authenticator touch is needed to complete the operation. > > Observation: > > 1: The user initiates authentication > 2: The "Do you want to sign in .. using a security key" dialog appears, > telling the user to insert a key and to activate it > 3: The user touches the security key to select it > 4: The "Enter a PIN to unlock this authenticator" dialog appears > 5: The user enters a valid PIN, clicks "Submit" > 6: The PIN entry dialog disappears and the security key starts blinking, but > the client UX has no indication that the user must touch the authenticator > again to complete the operation > > This could be improved by adding some form of dialog after step 5 to > indicate that the operation is not done before the user touches/activates > the authenticator. This problem has been resolved already. Please try out our next STP for verification. |