Bug 243656

Summary:	Safari WebAuthn sends Attestation as None when requested as Direct
Product:	WebKit	Reporter:	Manish <writetomansa>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	NEW
Severity:	Major	CC:	pascoe, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	Safari 15
Hardware:	Mac (Intel)
OS:	Other

Manish

Reported 2022-08-08 01:52:31 PDT

In Safari 15.6, if you set attestation as direct in navigator.credentials.create it sends backs attestation as none and aaguids as all zeroed out. Since we mandate attestation in our enterprise services, It has become a blocker for new enrolments. All works fine till 15.4. (Didn't check on 15.5) MacOS - 12.5 Easily reproducible at https://webauthn.me/debugger

Attachments
Add attachment proposed patch, testcase, etc.

Sam Sneddon [:gsnedders]

Comment 1 2022-08-08 04:19:25 PDT

Is this just bug 238450 again?

Manish

Comment 2 2022-08-08 04:41:02 PDT

(In reply to Sam Sneddon [:gsnedders] from comment #1) > Is this just bug 238450 again? Yes and no. Issue is reproducible same way but now it is failing silently without any error anywhere. It is not providing attestation being requested.

Radar WebKit Bug Importer

Comment 3 2022-08-15 01:53:14 PDT

<rdar://problem/98659825>

Manish

Comment 4 2022-09-19 02:00:33 PDT

It seems same bug has released in IOS 16 as well.

Note You need to log in before you can comment on or make changes to this bug.