[bug] macos m1 , using webauthn through native navigator.credentials.create() is not allowed

tauri-apps / tauri

Build smaller, faster, and more secure desktop applications with a web frontend.

https://tauri.app

Apache License 2.0

81.3k stars 2.43k forks source link

[bug] macos m1 , using webauthn through native navigator.credentials.create() is not allowed #6471

Open fireangle opened 1 year ago

fireangle commented 1 year ago

Describe the bug

I am trying to use the webauthn function in my Tauri app, but the native browser function navigator.credentials.create() is not working. The integrated console log shows Unhandled Promise Rejection: NotAllowedError: Operation failed. However, it works perfectly on Safari (16.3 (18614.4.6.1.6)) and Chrome.

Reproduction

I followed https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/ ,and the test function will be triggered by clicking a button like this <div className="row"><button onClick={test}>test</button></div>.

Expected behavior

No response

Platform and versions

Environment
  › OS: Mac OS 13.2.1 X64
  › Node.js: 19.7.0
  › npm: 9.5.0
  › pnpm: Not installed!
  › yarn: 1.22.19
  › rustup: Not installed!
  › rustc: 1.67.1
  › cargo: 1.67.0
  › Rust toolchain:

Stack trace

No response

Additional context

No response

mankins commented 2 months ago

I'm seeing this as well and haven't figured out a way around it. Did you ever fix this @fireangle ?

smaramwbc commented 2 months ago

Came across the same problem, the only solution i see is to use https://github.com/kanidm/webauthn-rs and build a wrapper for Tauri.

mankins commented 2 months ago

@smaramwbc That seems like work. :( The idea would be to do it from the rust side? It seems like a shame as the browser has that built in.

I'm looking into why this isn't working in dev mode, it's pretty confusing, as I had thought that all permissions would be granted on safari in dev.. but I'm getting NotAllowedError: Operation failed even in dev when doing navigator.credentials.create() ...

smaramwbc commented 2 months ago

@mankins I have the same error, and after some research, I found this thread: https://community.bitwarden.com/t/add-fido2-webauthn-mfa-to-bitwarden-client-app/56880.

Electron has given up on implementing FIDO2/WebAuthn, and the engine of Tauri doesn't support it yet.

So, I am going to implement https://github.com/kanidm/webauthn-rs and give it a try.

Could be useful for Tauri as well: https://discord.com/blog/how-discord-modernized-mfa-with-webauthn#heading-6

mankins commented 2 months ago

Thanks @smaramwbc I'll give this a look. If either of us gets it working, let's report back? Appreciate the research.

mankins commented 2 months ago

Oh I also found this: https://github.com/tauri-apps/plugins-workspace/tree/v1/plugins/authenticator ... which seems related... unfortunately when I tried it I get:

FabianLars commented 2 months ago

Please ignore the authenticator plugin for now. It's not in a good state at all (arguably unusable).