Open hregis opened 5 years ago
Thanks for the feedback about MacOS. Do you have a fingerprint reader on your Mac, and did that work?
Re 1903, I find that in all browsers, Windows Hello doesn't currently offer me the option of using a Yubico key even though I have registered it. I don't understand why at the moment.
Before 1903, I believe the key was being handled by the browser directly rather than Windows Hello.
No, I do not have a fingerprint reader on the Mac, but I will buy some for testing ... on the other hand it works well with fingerprints with Firefox and Chrome on an Android phone.
Thanks.
If you were testing Fireforx with Windows Hello and Key through webauth.savesnine.info could you have another go now?
I was able to register my Yubico key if I turned on the usually commented out 'cross-platform' line in prepareChallengeForRegistration, and discovered it was returning a different value for fmt than before 1903. Allowing this lets it proceed, so I am hopeful it will in your case too where it doesn't seem to need cross-platform. (I am assuming that cross-platform allows you to use the key on other computers by identifying the key directly, rather than storing the identity as Windows Hello, which only works on one computer but with any of its enabled identity methods).
If you were using the code directly in your own test, I've updated the master with this same change.
See also #34 - I made cross-platform an option
Hello @davidearl
I still have the same problems with the latest changes! on the other hand I put this in comment and everything works well everywhere under Windows!
why the "fmt" can not be "fido-u2f"? yet it works by having this value of "fmt"!
/*if ($ao->fmt == 'fido-u2f') {
$this->oops("cannot decode FIDO format responses, sorry");
} elseif ($ao->fmt != 'none' && $ao->fmt != 'packed') {
$this->oops('cannot decode key response (4)');
}*/
In fact I do not have a Windows 10 on a physical station, it is a virtual instance with Virtualbox, and Virtualbox crashes as soon as I use the keys! I should have a computer with Windows 10 to be sure! (I hate Windows !!!!!!) ;-)
The code is essentially a translation of one of the original examples, which was in JavaScript. That example specifically excluded fido-utf2 , which is the precursor to webauthn, which presumably your key us. But if it works with that, there doesn’t seem any good reason to exclude it.
I am not sure that the option "discouraged" is secure !! With your latest changes, Windows Hello saves the key, but as soon as you want to save the key in another application, it saves it without asking! more when I want to use your library, the browser no longer asks for the key, it takes direct Windows Hello!
$result->authenticatorSelection->userVerification = 'discouraged';
you see this project ? (branch webauthn)
I have the same problem. Login on Windows 1903 works, but registration of a new key does not work. In the past Firefox was showing a small popup, telling the user to insert the key and press the button. Now it's a Microsoft popup ( Microsoft Hello?), and now it does not work anymore.
It's the
$ao->fmt == 'fido-u2f'
check that fails with "cannot decode FIDO format responses, sorry"
If I comment the if-statement (and the elseif) like @hregis wrote, it works fine.
You won't see a popup from Firefox anymore. It's an update of 1903 that all goes through Windows Security. If you try it out here you'll get the same results https://webauthn.io/
Also, see https://github.com/davidearl/webauthn/issues/27#issuecomment-525352130
Hello
The library works without problems in Mac OS X with Firefox, Chrome, Opera and Safari. (all last versions)
On Windows 10 version 1903, it works well under Chrome, but against Firefox and Edge, I have this error message when I want to register a key (yubikey and keydo)
"cannot decode FIDO format responses, sorry"
on the other hand if I save the keys with Chrome, I can authenticate without problem with Firefox and Edge.
Yet it worked well with Firefox before the 1903 update! and Chrome too ... Edge never worked as a key record.
Thank you for your work
(i use the "master" branch with the last commit)