New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 871370 link

Starred by 1 user

Issue metadata

Status: Fixed
Closed: Aug 13
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Feature

issue 678128

Sign in to add a comment

Add lookup for Touch ID credentials

Project Member Reported by, Aug 6

Issue description

We need to be able to look up credential IDs in the keychain from outside of the GetAssertion request implementation so we can determine whether a given request can be satisfied by Touch ID upfront.
Project Member

Comment 1 by, Aug 10

The following revision refers to this bug:

commit a4ac527a4777da75ba6c44ed4a7e1837ed92693d
Author: Martin Kreichgauer <>
Date: Fri Aug 10 22:46:01 2018

fido/mac: look up credential IDs before proceeding with GetAssertion requests

This changes the GetAssertion operation for the Touch ID authenticator
to locate credential IDs in the keychain at the beginning of the
request. If no matching credential exists, the user is not prompted for
a fingerprint. A method to locate a credential by ID is extracted from
the existing code and moved into the Keychain class.

This is done in anticipation of adding the WebAuthn UI. With the new UI,
GetAssertion requests will only be sent to the Touch ID authenticator,
if we know a matching credential ID to exist in the keychain.

Bug:  871370 

Change-Id: Ie5e4916df2a68bc0e9d7552322d6b993069ce95b
Commit-Queue: Martin Kreichgauer <>
Reviewed-by: Balazs Engedy <>
Cr-Commit-Position: refs/heads/master@{#582369}

Status: Fixed (was: Started)

Sign in to add a comment