
Issue 814870

Issue metadata

Status: Fixed
Closed: Mar 2018

[webauthn] Handle duplicate registrations with InvalidStateError

Project Member Reported by kpaulhamus@chromium.org, Feb 22 2018

Issue description

Return an InvalidStateError to indicate to the RP that the authenticator the user has selected to register has already been registered.

https://w3c.github.io/webauthn/#createCredential step 20.

 
Project Member

Comment 1 by bugdroid1@chromium.org, Mar 29 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/51fa70dc92e6053c2c9dc16774054ddeed8a876e

commit 51fa70dc92e6053c2c9dc16774054ddeed8a876e
Author: Kim Paulhamus <kpaulhamus@chromium.org>
Date: Thu Mar 29 22:03:31 2018

[Webauthn] Handle duplicate registrations with InvalidStateError

This implements the WebauthN spec change that permits returning an immediate
and specific error if the user consented to use a key but it was already
registered with the relying party. Formerly, we had to wait for a timeout
and return the generic "NotAllowedError". This way, RPs can let the user
know the reason that registration failed.

Bug: 814870
Change-Id: Ib6f0c9cdd5ca7e3f545c8ce6f3c8e641d672783b
Reviewed-on: https://chromium-review.googlesource.com/984725
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#546976}
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/components/password_manager/content/common/credential_manager_mojom_traits.cc
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/content/browser/webauth/authenticator_impl.cc
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/device/fido/fido_constants.h
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/device/fido/u2f_register.cc
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/device/fido/u2f_register_unittest.cc
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/third_party/WebKit/LayoutTests/http/tests/credentialmanager/credentialscontainer-create-basics.html
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/third_party/WebKit/Source/modules/credentialmanager/CredentialManagerTypeConverters.cpp
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/third_party/WebKit/Source/modules/credentialmanager/CredentialsContainer.cpp
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/third_party/WebKit/public/platform/modules/credentialmanager/credential_manager.mojom
[modify] https://crrev.com/51fa70dc92e6053c2c9dc16774054ddeed8a876e/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom

Cc: hongjunchoi@chromium.org
Issue 813122 has been merged into this issue.
Owner: kpaulhamus@chromium.org
Status: Fixed (was: Available)
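
For a relying party, the change tracked here means `navigator.credentials.create()` can reject with `InvalidStateError` instead of the generic `NotAllowedError` when the chosen authenticator is already registered. The following is an added example of RP-side handling, not code from Chromium or from this issue; the function names, the `container` parameter, the status values and the message strings are assumptions.

```javascript
// Added example: relying-party client code, not Chromium source.

// Decode a base64url credential ID (as an RP server might store it) to bytes.
function b64urlToBytes(s) {
  const bin = atob(s.replace(/-/g, '+').replace(/_/g, '/'));
  return Uint8Array.from(bin, (c) => c.charCodeAt(0));
}

// Build excludeCredentials from the IDs already registered for this user,
// so the authenticator can recognise a duplicate registration.
function buildExcludeList(knownIds) {
  return knownIds.map((id) => ({ type: 'public-key', id: b64urlToBytes(id) }));
}

// `options` holds the RP's usual creation options (rp, user, challenge, ...).
// `container` defaults to navigator.credentials; it is a parameter (assumption)
// so the error handling can be exercised with a stub.
async function registerAuthenticator(options, knownIds, container) {
  const creds = container || navigator.credentials;
  const publicKey = { ...options, excludeCredentials: buildExcludeList(knownIds) };
  try {
    const credential = await creds.create({ publicKey });
    return { status: 'registered', credential };
  } catch (err) {
    if (err.name === 'InvalidStateError') {
      // Specific, immediate error: the user consented with a key the RP already knows.
      return {
        status: 'already-registered',
        message: 'This security key is already registered to your account.',
      };
    }
    if (err.name === 'NotAllowedError') {
      // Generic failure: timeout, cancellation, or no consent.
      return {
        status: 'not-completed',
        message: 'Registration was cancelled or timed out. Please try again.',
      };
    }
    throw err; // Anything else is unexpected; let the caller log it.
  }
}
```
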
