This PR disables the U2F / Fido interface, unless keys are already configured for the user.
Fixes #511
Why?
U2F / FIDO no longer works in modern browsers, until #423 is resolved having this provider enabled only causes confusion to end users (See #511)
Ideally, we wouldn't need to do this, as we've been assuming that #423 would be resolved, but 6+ months later it's no closer to being merged. I'd like to merge this into a 0.8.2.
Alternatives
Alternatively, the Javascript could be updated to detect FIDO/U2F not being viable, and displaying an error message about the browser not supporting it too..
How?
This simply disables the UI by:
Removing it from the Providers array when disabling the table, if the provider says it's not available.
Returning early when displaying the Security keys table, if the provider says it's not available.
Returning early when enqueuing assets when no keys are registered.
If for some reason, it needs to be re-enabled a filter is included:
Deprecated: The FIDO/U2F integration has been hidden unless already configured. This is because modern browsers no longer support the standard, and we've not yet finalised our WebAuthn implementation.
What?
This PR disables the U2F / Fido interface, unless keys are already configured for the user.
Fixes #511
Why?
U2F / FIDO no longer works in modern browsers, until #423 is resolved having this provider enabled only causes confusion to end users (See #511)
Ideally, we wouldn't need to do this, as we've been assuming that #423 would be resolved, but 6+ months later it's no closer to being merged. I'd like to merge this into a 0.8.2.
Alternatives
Alternatively, the Javascript could be updated to detect FIDO/U2F not being viable, and displaying an error message about the browser not supporting it too..
How?
This simply disables the UI by:
If for some reason, it needs to be re-enabled a filter is included:
Testing Instructions
Screenshots or screencast
Changelog Entry
Deprecated: The FIDO/U2F integration has been hidden unless already configured. This is because modern browsers no longer support the standard, and we've not yet finalised our WebAuthn implementation.