248863 – WebAuthn conditional UI in clamshell mode does not honour UV required on repeated assertions

Bug 248863 - WebAuthn conditional UI in clamshell mode does not honour UV required on repeated assertions

Summary: WebAuthn conditional UI in clamshell mode does not honour UV required on repe...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	Safari Technology Preview
Hardware:	Mac (Intel) macOS 12

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-12-07 02:52 PST by eirbjo
Modified:	2022-12-14 02:53 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description eirbjo 2022-12-07 02:52:42 PST

Bug 244164 fixed an issue where conditional UI assertions did not set the UV flag.

Using Safari Technology Preview Release 159 (Safari 16.4, WebKit 17615.1.12.130.1), it seems the problem still manifests under the following conditions:

1: The computer is in clamshell mode (such that the TouchID sensor is unavailable)
2: The conditional UI assertion is the second (or later) assertion in the browser session.

This makes it impossible for users in clamshell mode to perform reauthentication, switch user into other user accounts, etc.

Steps to verify:

1: Use a laptop Mac in clamshell mode
2: Perform a successful conditional UI assertion by providing the account passord as a fallback for TouchID. The assertion has the UV flag set 
3: Log out of the application and initiate a second conditional UI assertion
4: Observe that an assertion is performed, without user interaction, and that the UV flag is not set


Notice that the non-conditional UI flow seems to work as expected, also in clamshell mode.

Comment 1 Radar WebKit Bug Importer 2022-12-14 02:53:17 PST

<rdar://problem/103347061>