BLE Usage on macOS?

[Manouchehri]

I'm testing out a new BLE/NFC/USB U2F device, and so far I've had no luck with BLE on macOS.

Just pairing the device seems to be tricky; macOS does not show BLE devices in their GUI.

After fiddling around with Apple's Bluetooth Explorer, I finally got the device paired with the correct passcode and it stays connected for a few seconds. (By design the device will power off after a few seconds.)

If I try to use the sample server in Chrome, it never seems to attempt/connect over Bluetooth. (The U2F device was previously paired via USB.)

Any ideas @jovasco or @juanlang?

Do you think this is a u2f-ref-code or Chromium/Chrome problem?

[juanlang]

We haven't yet published any code to talk to BLE U2F devices on desktop / laptop platforms. Sorry about that.

[Manouchehri]

@juanlang Is there any for mobile? The marketing material for this claims it works with BLE on Google Authenticator, but doesn't look like it to me.

[sserrano44]

any progress or status update on this?

[leshi]

We're working on BLE desktop support to talk to U2F devices via the new webauthn APIs in chrome. Please follow along over there: https://www.chromestatus.com/feature/5669923372138496

[kitchen]

Greetings! I took a look at that link and it says:

Enabled by default (tracking bug) in: Chrome for desktop release 67

I'm using chrome 69 and it doesn't seem to be working. When I get to a u2f auth page and put my device in pairing mode it doesn't detect it.

[hongjunChoi]

Hello!

We're currently working on implementing UI flows to guide users through the pairing process. Unfortunately, currently there is no good way to pair BLE security keys with MacOS as MacOS UI only shows filtered devices based on service UUID's and the service UUID's that U2F security keys advertise is not included in the filters -- it seems like.

That being said, for Chrome Beta or Canary, if you go to webauthndemo.appspot.com simply try to use the BLE security on MacOS, OS native pairing UI dialog will show up and you should be able to use your BLE security keys.

Please let me know if you have any further questions!

[kpaulh]

@kitchen The chromestatus entry there really refers to WebAuthN for U2F USB keys. The BLE pairing work, at hongjunchoi said, is underway.

[mikie999]

Any updates? Is the BLE pairing work complete?

[1043465747]

👍💳

[kpaulh]

Hi there, you can try this out by going to chrome://flags and enabling "WebAuthenticationBle". (It may already be enabled, as it's rolled out to 50% Canary/Dev/Beta). This includes turning on BLE and pairing in-browser.

[shilch]

I can't find WebAuthenticationBle in chrome://flags but I was able to run Chrome Dev using open -a "Google Chrome" --args "--enable-features=WebAuthenticationBle". Pairing and authenticating on https://webauthndemo.appspot.com/ works, but not on other sites like Github.

Edit: Nevermind, adding the --enable-features=WebAuthenticationBle flag doesn't do anything.

[kpaulh]

Er, I guess the fully qualified header for the flag in chrome://flags is "Web Authentication API BLE support".

When you say it doesn't work on other sites, do you mean you only get the option to use USB keys, or that you try to use BLE and something fails halfway through?

[shilch]

@kpaulh

Yes, I've found the flag. Enabling it doesn't seem to change a thing though, probably that's the default option.

When you say it doesn't work on other sites [...]

For sites like webauthndemo.appspot.com and webauth.io the Chrome dialog pops up which allows me to choose my security key (USB, Bluetooth). But the dialog doesn't pop up on github, they somehow have their own UI?

[kpaulh]

Oh, I see. Github doesn't call the WebAuthn API for login - it's still using U2F. Try a service like Dropbox, login.gov, or Google login?

[shilch]

Ah, okay. Good to know. I'll contact Github support and ask whether they can switch / add support.

[AJ-42]

I have google 80, enabled the WebAuthBLE flag. New dialogs let me begin the pairing process but chrome can never find my BLE token, It DID find my BLE enabled Android phone with Built-in Security key. Is there a minimum version of Mac OS? I'm still on High Sierra (10.13).

[Manouchehri]

It looks like the flag enable-web-authentication-ble-support and support is going to be removed for macOS. https://bugs.chromium.org/p/chromium/issues/detail?id=1046131

There doesn't seem to be any replacement. Little surprised about this one, feels like I'm missing some context.

[Manouchehri]

Oddly we've gone almost full circle with Chrome adding caBLE v2 back in.

[jc911]

cannot find caBLE v2 in chrome://flags right now