Bug 213642 - [WebAuthn] Client PIN flow does not indicate that a final authenticator touch is needed
Summary: [WebAuthn] Client PIN flow does not indicate that a final authenticator touch...
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-06-26 02:46 PDT by eirbjo
Modified: 2020-06-26 09:24 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description eirbjo 2020-06-26 02:46:31 PDT 
Congratulations with the new Client PIN support in Safari!

When testing this with Safari Technology Preview 109, I noticed that the client PIN flow ends without any indication to the user that a final authenticator touch is needed to complete the operation.

Observation:

1: The user initiates authentication
2: The "Do you want to sign in .. using a security key" dialog appears, telling the user to insert a key and to activate it
3: The user touches the security key to select it
4: The "Enter a PIN to unlock this authenticator" dialog appears
5: The user enters a valid PIN, clicks "Submit"
6: The PIN entry dialog disappears and the security key starts blinking, but the client UX has no indication that the user must touch the authenticator again to complete the operation

This could be improved by adding some form of dialog after step 5 to indicate that the operation is not done before the user touches/activates the authenticator.
Comment 1 Radar WebKit Bug Importer 2020-06-26 09:19:02 PDT 
<rdar://problem/64808752>
Comment 2 Jiewen Tan 2020-06-26 09:23:49 PDT 
(In reply to eirbjo from comment #0)
> Congratulations with the new Client PIN support in Safari!
> 
> When testing this with Safari Technology Preview 109, I noticed that the
> client PIN flow ends without any indication to the user that a final
> authenticator touch is needed to complete the operation.
> 
> Observation:
> 
> 1: The user initiates authentication
> 2: The "Do you want to sign in .. using a security key" dialog appears,
> telling the user to insert a key and to activate it
> 3: The user touches the security key to select it
> 4: The "Enter a PIN to unlock this authenticator" dialog appears
> 5: The user enters a valid PIN, clicks "Submit"
> 6: The PIN entry dialog disappears and the security key starts blinking, but
> the client UX has no indication that the user must touch the authenticator
> again to complete the operation
> 
> This could be improved by adding some form of dialog after step 5 to
> indicate that the operation is not done before the user touches/activates
> the authenticator.

This problem has been resolved already. Please try out our next STP for verification.