Closed rosstimothy closed 1 week ago
Re-phrased title, as technically U2F support still exists, it's the U2F "native" fallback code that we are deleting.
This makes it so that tsh needs to be build with FIDO2 for Webauthn to work on macOS, otherwise you get some variant of "hardware device MFA not supported by your platform, please register an OTP device".
This makes it so that tsh needs to be build with FIDO2 for Webauthn to work on macOS, otherwise you get some variant of "hardware device MFA not supported by your platform, please register an OTP device".
This is intended, although in hindsight we should have communicated better. Tim and I are talking about ways to improve our developer experience around this.
U2F support was deprecated in favor of WebAuthn many releases ago, however, not all references were removed when working on https://github.com/gravitational/teleport/issues/10375. This eliminates the last remaining inclusions of
github.com/flynn/u2f
andgithub.com/flynn/hid
from lib/client and drops all support of falling back to U2F if client tools are not built with FIDO2 enabled.In practice, this should only cause problems for people building tsh/tctl locally without setting the correct build flags. All release artifacts published should already be built with the appropriate flags and not cause any issues as a result.
Updates https://github.com/gravitational/teleport/issues/43112.