fido-alliance / conformance-test-tools-resources

Certification Test Tools Resources. For security and privacy related issues email tools@certification.fidoalliance.org
https://fidoalliance.org/certification/functional-certification/conformance/

ctap2.1-ClientPin protocol 2, GetPinUvAuthTokenUsingPinWithPermissions.js P-2/P-3 for option.noMcGaPermissionsWithClientPin #648

Closed nuno0529 closed 1 year ago

nuno0529 commented 2 years ago

By submitting this issue you are acknowledging that any information regarding this issue will be publicly available.

If you have privacy concerns, please email conformance-tools@fidoalliance.org

FIRST PRE CHECK

What protocol are you implementing?

What is your implementation class?

What version of the tool are you using?

v1.6.39

What OS and version are you running?

For desktop tools

Issue description

644 has resolved P-1 for authenticators with option.noMcGaPermissionsWithClientPin=true, but the following P-2/P-3 use ClientPin2Permissions.mc/.ga directly with the clientpin2_ObtainToken_GetPinUvAuthTokenUsingPinWithPermissions command. I suggest that for authenticators with option.uv=true and option.noMcGaPermissionsWithClientPin=true, we should use another command, UsingUv, to get the pinUvAuth token. Otherwise the same unauthorized_permission error will still happen in P-2/P-3.

Error: Expected authenticator to succeed with CTAP1_ERR_SUCCESS(0). Got CTAP2_ERR_UNAUTHORIZED_PERMISSION(64)
    at eval (eval at compileCode (js/sandbox.js:25:26), <anonymous>:3346:19)

nuno0529 commented 2 years ago

v1.6.41 still has this issue.
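
The subcommand choice discussed in this issue, as an added example that is not code from the conformance tool or from any participant in this thread. The numeric constants follow the CTAP 2.1 specification; the function name `planTokenRequest` and its return shape are hypothetical, and it assumes `options` is the decoded `options` map from authenticatorGetInfo.

```javascript
// Added example: decide how a test should obtain a pinUvAuthToken, given the
// authenticator's getInfo options and the permissions the test needs.
// Constants are from the CTAP 2.1 specification; names are hypothetical.
const PERM = { mc: 0x01, ga: 0x02, cm: 0x04, be: 0x08, lbw: 0x10, acfg: 0x20 };

const SUBCMD = {
  getPinUvAuthTokenUsingUvWithPermissions: 0x06,
  getPinUvAuthTokenUsingPinWithPermissions: 0x09,
};

const STATUS = {
  CTAP1_ERR_SUCCESS: 0x00,
  CTAP2_ERR_UNAUTHORIZED_PERMISSION: 0x40, // 64, the status in the report
};

function planTokenRequest(options, permissions) {
  const wantsMcGa = (permissions & (PERM.mc | PERM.ga)) !== 0;
  const pinPathRefused =
    options.noMcGaPermissionsWithClientPin === true && wantsMcGa;

  if (!pinPathRefused) {
    // The PIN path may carry these permissions; a positive test expects success.
    return {
      subCommand: SUBCMD.getPinUvAuthTokenUsingPinWithPermissions,
      expectedStatus: STATUS.CTAP1_ERR_SUCCESS,
    };
  }
  if (options.uv === true) {
    // Built-in UV is configured: request mc/ga through the UV subcommand.
    return {
      subCommand: SUBCMD.getPinUvAuthTokenUsingUvWithPermissions,
      expectedStatus: STATUS.CTAP1_ERR_SUCCESS,
    };
  }
  // Only the PIN path exists, and the authenticator is required to refuse
  // mc/ga on it, so the refusal is the conformant result.
  return {
    subCommand: SUBCMD.getPinUvAuthTokenUsingPinWithPermissions,
    expectedStatus: STATUS.CTAP2_ERR_UNAUTHORIZED_PERMISSION,
  };
}
```
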