Open hugomrdias opened 1 year ago
I believe based on the last comments from the intent to ship thread this has landed already in Chrome M116, right? FWIW I tested Chrome Canary m118 with beta features enabled in https://securitykeys.info/ts/test_suite.html
and still got a No PRF
error.
FWIW not sure if it helps but largeBlob
is now generally available in iOS and macOS for Safari 17. Might be a good alternative to prf
if we can secure the client and only store the needed output as a largeBlob
.
Feel free to test in https://glitch.com/~webauthn-large-blob
Thanks for tracking this, really useful.
@0xjjpa it looks like there is a (possibly new?) same-origin policy enforced, to use your example I had to pop out of the glitch frame and open https://webauthn-large-blob.glitch.me/ in its own tab.
I can confirm largeBlob
working on Safari 17.1 (MacOS 14.1.1) and Safari in iOS 17.1.1
I can confirm PRF Extension working on Chromium Canary 128.0 with chrome://flags/#enable-experimental-web-platform-features
on Windows with a Token2. My yubikeys do not have a needed firmware. I have ordered new ones - expect them on Saturday and will provide updates.
I used the sample by @MasterKale here https://gist.github.com/MasterKale/dbe39a01438251f0cbd55576304731fd. The registration at https://passkeys.fission.app/register returned with Registration failed
and no further info.
Currently the demo relies on the PRF extension to handle UCAN signatures and WNFS encryption. The support for this extension is still limited across devices and browsers, check the following sections to have a better picture of what works and what doesn't.
Auth flows tracking list
Support
Safari ❌
Chromium 1 🚧
Safari ❌
1 Planned using iCloud.
2 No support on the OS level but works directly on Chromium.
3 Behind chrome://flags/#enable-experimental-web-platform-features, doesn't work with CDA.
4 Platform authenticator on mac doesnt support it but yubikey does.
References