AuthenticatorAssertionResponse.userHandle should be set to null instead of empty arraybuffer
Issue description

getAssertion sets `AuthenticatorAssertionResponse.userHandle` to an empty `ArrayBuffer` when the authenticator returns no user handle (e.g., when allowList is set). The spec [1] instructs to set it to null:

[1]: https://www.w3.org/TR/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle%E2%91%A0
May 31 2018
Requesting merge to M68.
Jun 1 2018
Your change meets the bar and is auto-approved for M68. Please go ahead and merge the CL to branch 3440 manually. Please contact milestone owner if you have questions.

Owners: cmasso@(Android), kariahda@(iOS), bhthompson@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jun 1 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/70074813f9daaefb60bfeda63abba2c56a11803a

commit 70074813f9daaefb60bfeda63abba2c56a11803a
Author: Kim Paulhamus <kpaulhamus@chromium.org>
Date: Fri Jun 01 01:13:41 2018

Set UserHandle to null instead of an empty ArrayBuffer for getAssertion.

https://www.w3.org/TR/webauthn/#ref-for-dom-authenticatorassertionresponse-userhandle

Bug: 847878
Change-Id: I8071207c15d3150a486133eb50cc7d00cbba5401
Reviewed-on: https://chromium-review.googlesource.com/1079200
Reviewed-by: Balazs Engedy <engedy@chromium.org>
Commit-Queue: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#563073}
(cherry picked from commit 2e4fdc9e9e9656fce457e608645feac9bab9dbd5)
Reviewed-on: https://chromium-review.googlesource.com/1081832
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/branch-heads/3440@{#81}
Cr-Branched-From: 010ddcfda246975d194964ccf20038ebbdec6084-refs/heads/master@{#561733}

[modify] https://crrev.com/70074813f9daaefb60bfeda63abba2c56a11803a/third_party/blink/renderer/modules/credentialmanager/credentials_container.cc
Jun 1 2018
Oct 8
This bug seems to be back in recent versions of Chrome:

Version 70.0.3538.45 (Official Build) beta (64-bit)
Version 71.0.3569.0 (Official Build) dev (64-bit)

Reproduction:

1. Check out commit dd850905 [1] of Yubico/java-webauthn-server
2. Run `./gradlew appRun`
3. Browse to https://localhost:8443/webauthn/
4. Plug in a YubiKey 4 (or YubiKey 5/SKY2 with FIDO2 disabled) and press "Register new account"
5. Complete registration ceremony successfully
6. Press "Authenticate"
7. Tap YubiKey when blinking
8. Ceremony fails because Chrome returns empty userHandle instead of null

[1]: https://github.com/Yubico/java-webauthn-server/commit/dd85090575b722fc808a320292a8932879c4b0cf
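
Added example (not part of the bug thread, and not Chromium or Yubico code): a relying-party client that serializes an assertion so that both `null` and a zero-length `userHandle` reach the server as "absent", plus the server-side ownership check that otherwise fails on an empty handle. All function names are hypothetical, the sample assertion is constructed, and treating a zero-length buffer as absent is an assumption of this sketch.

```javascript
// base64url-encode an ArrayBuffer or typed-array view, without padding.
function b64url(buf) {
  const bytes = ArrayBuffer.isView(buf)
    ? new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength)
    : new Uint8Array(buf);
  let s = "";
  for (const b of bytes) s += String.fromCharCode(b);
  const b64 = typeof btoa === "function" ? btoa(s) : Buffer.from(s, "binary").toString("base64");
  return b64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Assumption: a zero-length buffer (the behaviour reported in this bug)
// means the authenticator returned no user handle, same as null.
function normalizeUserHandle(userHandle) {
  if (userHandle === null || userHandle === undefined) return null;
  return userHandle.byteLength === 0 ? null : b64url(userHandle);
}

// Serialize the AuthenticatorAssertionResponse fields for the server.
function serializeAssertion(credential) {
  const r = credential.response;
  return {
    id: credential.id,
    type: credential.type,
    response: {
      clientDataJSON: b64url(r.clientDataJSON),
      authenticatorData: b64url(r.authenticatorData),
      signature: b64url(r.signature),
      userHandle: normalizeUserHandle(r.userHandle),
    },
  };
}

// Server side: a user handle, when present, must identify the owner of the
// credential; when absent, the user was identified before the ceremony.
function userHandleAcceptable(userHandleB64, credentialOwnerB64) {
  return userHandleB64 === null || userHandleB64 === credentialOwnerB64;
}

// Constructed sample: an assertion as the affected builds return it.
function constructedAssertion() {
  return { id: "constructed-credential-id", type: "public-key", response: {
    clientDataJSON: new Uint8Array([0x7b, 0x7d]).buffer,
    authenticatorData: new Uint8Array([1, 2, 3]).buffer,
    signature: new Uint8Array([0xff, 0xfe]).buffer,
    userHandle: new ArrayBuffer(0),
  } };
}
```

Without the normalization step, the empty handle is sent as `""`, which never equals the stored owner handle, so the ownership check rejects an otherwise valid assertion.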
Oct 8
Passing it back to Kim for triaging.
Jan 10
Jan 11
Setting defect without priority to Pri-2.
Comment 1 by bugdroid1@chromium.org, May 30 2018