Bug 236698 - [WebAuthN] Registration fails The operation can’t be completed.
Summary: [WebAuthN] Registration fails The operation can’t be completed.
Status: RESOLVED DUPLICATE of bug 237223
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: Safari 15
Hardware: Mac (Apple Silicon) macOS 12
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-02-16 02:05 PST by zooms_vote_0t
Modified: 2022-03-22 14:12 PDT (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description zooms_vote_0t 2022-02-16 02:05:15 PST
As a registered user in http://admin.gandi.net , when registering a new security key for the account using TouchID WebAuthn in account security settings, the registration fails with error.

Reproduction:

 1. In account security settings, "Manage your security key authentication"

 2. In Register your security key: enter New token name: (I used "jessi TouchID", should not matter)

 3. Do you want to allow “gandi.net” to use Touch ID? Or you can use a security key. : Ok.

 4. Safari: "Safari" would like to use Touch ID for "gandi.net". Touch ID to allow this.

Actual behavior:

 5. Error dialog: "The operation can’t be completed.

Expected behavior:

 5. Successful registration.


The gandi.net WebAuthn registration works however on iOS (15.3.1) using FaceID.

I did some investigation using Inspector and obtained the parameters for publicKey

Object = $4
  O publickey: Object
    S attestation: "direct"
    >O challenge: Uint8Array [ ... ] (32)
    >O excludeCredentials: [Object, Object, Object] (3)
    >O extensions: {appidExclude: "https://account.gandi.net/api/u2f/trusted_facets.ison"]
    >O pubKeyCredparams: [ ... ]
    >O rp: {id: "gandi.net", name: "Gandi.net"}

https://twitter.com/joneskoo_yx/status/1492921076841603074?s=20


I can reproduce the error message if I go to https://webauthn.io and register selecting attestation: direct.

I believe the cause for the failure on Mac (but not iOS) may be that gandi sets in registration options: attestation: direct.
Comment 1 Radar WebKit Bug Importer 2022-02-16 22:33:05 PST
<rdar://problem/89069228>
Comment 2 Brent Fulgham 2022-03-22 14:12:31 PDT

*** This bug has been marked as a duplicate of bug 237223 ***