search

mozilla / authenticator-rs

Rust library to interact with Security Keys, used by Firefox
https://crates.io/crates/authenticator
Mozilla Public License 2.0
273 stars 70 forks source link

Pre-flight and AppID improvements #297

Closed jschanck closed 1 year ago

jschanck commented 1 year ago

The first patch splits StateMachine::init_and_select into distinct init and select stages. It adds an auto_select hint to the select stage that can be used to skip device selection when the caller can determine that a particular device is suitable for the request.

The second patch uses the auto_select hint when we find acceptable credentials on a device through silent discovery. This resolves Bug 1451111

The third patch uses silent discovery to determine if there are acceptable (U2F) credentials on the device that require the use of the AppID extension. This resolves #269 and Bug 1846836.

I also added a -a flag to the ctap2 example which causes it to use an alternate RP ID. (This is added in the second patch but is used to test the third patch's behavior).

jschanck commented 1 year ago

I opened #299 to revisit auto_select.

andreydanil commented 1 year ago

@jschanck, Can this fix be backported to earlier versions of FF? It's impacting FF versions 115-118.