New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 831712 link

Starred by 0 users

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Jul 3
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: ----

Blocked on:
issue 798573



Sign in to add a comment

Device-specific errors should return "NotAllowedError" once CTAP2 support is added

Project Member Reported by kpaulhamus@chromium.org, Apr 11 2018

Issue description

Currently, any non-U2F-supported options reject with a NotSupportedError.
Once CTAP2 is supported alongside U2F, these situations will represent
per-device errors and should not result in an immediate response.
Instead, these errors should return NotAllowed on a device-basis, and the entire operation should timeout instead.

- get() called with user verification
- create() called with user verification, platform authenticators, resident key, or unsupported algorithm
 
Blockedon: 798573
Labels: M-68
Project Member

Comment 2 by bugdroid1@chromium.org, Apr 20 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/57be4fc7c3d8ec7b9dbc16360add46232a7466d1

commit 57be4fc7c3d8ec7b9dbc16360add46232a7466d1
Author: Kim Paulhamus <kpaulhamus@chromium.org>
Date: Fri Apr 20 19:00:45 2018

Add clarifying comment about return codes to FidoRequestHandler.

Bug:  831712 
Change-Id: Ib42639e8c78ca905c395f9b4adce08848477d745
Reviewed-on: https://chromium-review.googlesource.com/1020197
Reviewed-by: Jan Wilken Dörrie <jdoerrie@chromium.org>
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#552417}
[modify] https://crrev.com/57be4fc7c3d8ec7b9dbc16360add46232a7466d1/device/fido/fido_request_handler.h

Project Member

Comment 3 by bugdroid1@chromium.org, May 14 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/19b1cd5c86145d59dfb41b69dad8994fc175666e

commit 19b1cd5c86145d59dfb41b69dad8994fc175666e
Author: Kim Paulhamus <kpaulhamus@chromium.org>
Date: Mon May 14 20:50:05 2018

Permit empty allow_credentials for CTAP2 devices.

Otherwise, passing an empty allow_credentials (such as for resident
key devices) returns a NotSupported error. This error is appropriate
for U2F devices but not for CTAP2 support.

Bug:  831712 
Change-Id: Ia8126e8cdecc2b9149b72f8e636a08f5d5e71d0b
Reviewed-on: https://chromium-review.googlesource.com/1057960
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#558451}
[modify] https://crrev.com/19b1cd5c86145d59dfb41b69dad8994fc175666e/content/browser/webauth/authenticator_impl.cc
[modify] https://crrev.com/19b1cd5c86145d59dfb41b69dad8994fc175666e/content/browser/webauth/authenticator_impl_unittest.cc

Labels: -M-68 M-69
Owner: hongjunchoi@chromium.org
Status: Assigned (was: Untriaged)
Status: Fixed (was: Assigned)

Sign in to add a comment