Bug 243656

Summary: Safari WebAuthn sends Attestation as None when requested as Direct
Product: WebKit Reporter: Manish <writetomansa>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Major CC: pascoe, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 15   
Hardware: Mac (Intel)   
OS: Other   

Description Manish 2022-08-08 01:52:31 PDT 
In Safari 15.6, if you set attestation as direct in navigator.credentials.create it sends backs attestation as none and aaguids as all zeroed out.
Since we mandate attestation in our enterprise services, It has become a blocker for new enrolments.


All works fine till 15.4. (Didn't check on 15.5)
MacOS - 12.5

Easily reproducible at https://webauthn.me/debugger
Comment 1 Sam Sneddon [:gsnedders] 2022-08-08 04:19:25 PDT 
Is this just bug 238450 again?
Comment 2 Manish 2022-08-08 04:41:02 PDT 
(In reply to Sam Sneddon [:gsnedders] from comment #1)
> Is this just bug 238450 again?

Yes and no.
Issue is reproducible same way but now it is failing silently without any error anywhere. It is not providing attestation being requested.
Comment 3 Radar WebKit Bug Importer 2022-08-15 01:53:14 PDT 
<rdar://problem/98659825>
Comment 4 Manish 2022-09-19 02:00:33 PDT 
It seems same bug has released in IOS 16 as well.