Closed subyraman closed 4 years ago
I can reproduce this. Looking at the debugging output from Soft U2F, I see the registration response being sent. After the timeout, if I kill the Soft U2F process and restart it I see it receive another, identical register request.
Is SoftU2F not respecting the timeout sent from the webauthn api? Is there a constant or the like to make it successful?
The "U2F protocol" doesn't have any notions of timeouts as far as I remember. The HID protocol does, so maybe it's an issue there.
I haven't looked into Chrome's webauthn implementation yet. Do you happen to know if there's any way to get debugging output from it? It used to be possible to get HID-level debugging info from the internal Chrome extension where U2F was implemented.
I'm unsure myself about getting debugging information from the browser-authenticator communication process, I haven't stumbled on anything like that!
Looking at the authenticatorGetAssertion
method in the spec it doesn't seem like a timeout is explicitly passed to the authenticator; but ~3 seconds does seem a bit short, especially for people with accessibility concerns.
The high-level JavaScript API for U2F also had a timeout parameter, but that only dictated how long the browser would wait on a device before giving up. It wasn't used in the U2F protocol (between the browser and security key).
FWIW, webauthn also doesn't work for me in latest Chrome/Firefox.
The SoftU2F daemon prints some output ("Sending frame:..."), but not sure how to interpret (I can post the logs here if it's useful). Webauthn works fine for me with my yubikey.
It looks like this is even more broken in Chrome now. I'm seeing this error
NotAllowedError: The operation is not allowed at this time because the page does not have focus.
I think this is fixed.
Nice. It does seem to work in Chrome now.
Thanks for using Soft U2F. I'm sorry that you've encountered a bug.
System information
To aide in debugging, please provide the output from running the following commands:
What browser are you using?
Chrome with the Web Authentication flag enabled.
sw_vers
10.13.3
I have confirmed that SoftU2F is installed and running. Example of how to duplicate this bug:
Is SoftU2F not respecting the timeout sent from the webauthn api? Is there a constant or the like to make it successful?