mozilla / authenticator-rs

Rust library to interact with Security Keys, used by Firefox
https://crates.io/crates/authenticator
Mozilla Public License 2.0

USB transport isn't working and always showing passkey as the first option #330

Closed andreydanil closed 7 months ago

andreydanil commented 7 months ago

Since the release of Firefox 122, users have encountered a new popup for the WebAuthn challenge, and a critical functionality related to the transport is currently malfunctioning.

In previous versions of Firefox (older than 122), the "usb" transport used the respective authenticator over removable USB. Now, a user has to select the USB authenticator manually, which leads to user confusion since passkeys may not be enabled with the WebAuthn registration.

Steps to reproduce:

  1. Open Firefox 122.
  2. Go to https://webauthn.me/debugger.
  3. Scroll down and click the register button.
  4. Select the "Security key" option and press continue.
  5. Touch the security key to register it with WebAuthn.
  6. Scroll down and click the Authenticate button.
  7. In the navigator.credentials.get API, check the "allowCredentials" "transports" and "USB".
  8. Click Authenticate and observe that the sign in options present iPhone, iPad, or Android device as the default, followed by the security key second. Note the manual selection requirement for the USB authenticator.

This user experience presents a significant inconvenience as users are currently required to interact with the security key twice. First, users need to press the security key to confirm its presence, and secondly, to authenticate with the challenge response. Additionally, if User Verification (UV) is enabled on the key, the flow becomes touch the key, enter the PIN, and then press the key again. This redundancy not only disrupts the fluidity of the authentication process but leads to user frustration and confusion due to the additional steps involved, especially when the user only registered a security key, not a passkey.

Expected Behavior:

The "usb" transport should default to security key (see Chrome as an example), requiring no additional user intervention.

Firefox 122 - with the USB transport, the phone is the default option:

image

Chrome (121.0.6167.139) - respects the USB transport:

image

Previously, in Firefox 121, the USB transport option supported the USB transport and did not prompt for a passkey.

Firefox 121 (shows touch your security key in the top left of the window):

image
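
Step 7 of the reproduction sets a `usb` transport hint on `allowCredentials`. As an added example (not code from this issue, authenticator-rs or Firefox), this Node.js helper shows how a relying party might build those `navigator.credentials.get` options from data saved at registration; the record shape, function names and sample values are assumptions.

```javascript
// Added example: relying-party helper (hypothetical names), runs under Node.js.
// Transport values from the WebAuthn AuthenticatorTransport enumeration.
const KNOWN_TRANSPORTS = new Set(["usb", "nfc", "ble", "smart-card", "hybrid", "internal"]);

// Decode a base64url credential ID (no padding) into raw bytes.
function base64urlToBytes(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(Buffer.from(padded, "base64"));
}

// storedCredentials: records saved at registration (assumed shape):
//   { id: <base64url credential ID>, transports: <value of getTransports()> }
function buildRequestOptions(storedCredentials, challenge, userVerification = "discouraged") {
  // WebAuthn recommends challenges of at least 16 random bytes.
  if (!(challenge instanceof Uint8Array) || challenge.length < 16) {
    throw new Error("challenge must be at least 16 random bytes");
  }
  const allowCredentials = storedCredentials.map(({ id, transports = [] }) => {
    // Keep only recognised transport names; they are hints to the client.
    const hints = transports.filter((t) => KNOWN_TRANSPORTS.has(t));
    const descriptor = { type: "public-key", id: base64urlToBytes(id) };
    // Omit the member entirely when no usable hint was stored.
    if (hints.length > 0) descriptor.transports = hints;
    return descriptor;
  });
  // "required" here would make a UV-capable key ask for its PIN.
  return { challenge, allowCredentials, userVerification, timeout: 60000 };
}

// Constructed sample: one security key registered over USB, one record
// with no stored transports. The fixed challenge is for illustration only;
// a real relying party generates it with a CSPRNG per request.
const sampleCredentials = [
  { id: "AQIDBAUGBwg", transports: ["usb", "bogus"] },
  { id: "CQoLDA" },
];
const sampleOptions = buildRequestOptions(sampleCredentials, new Uint8Array(32).fill(7));
console.log(sampleOptions.allowCredentials.map((c) => c.transports));
```

The resulting object is what gets passed as `publicKey` to `navigator.credentials.get`; how the browser orders its prompts for a given hint is up to the client.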

andreydanil commented 7 months ago

Bugzilla ticket for tracking: https://bugzilla.mozilla.org/show_bug.cgi?id=1859367.

jschanck commented 7 months ago

Firefox 122 is using the macOS platform API in your screenshots; authenticator-rs is not involved.