New issue
Advanced search Search tips

Issue 897757 link

Starred by 1 user

Issue metadata

Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Chrome , Mac
Pri: 1
Type: ----



Sign in to add a comment

WebAuthn timeout errors should wait to resolve promise until after user interaction

Project Member Reported by kpaulhamus@google.com, Oct 22

Issue description

WebAuthn timeouts should not resolve the promise until the user has closed the timeout error dialog (if UI is enabled).

This is permitted by the current spec wording and no spec changes are needed: "In order to prevent information leak that could identify the user without consent, this step MUST NOT be executed before lifetimeTimer has expired."
 
Labels: -M-72 Hotlist-WebAuthnUI M-73 Pri-1
Owner: kpaulhamus@chromium.org

Sign in to add a comment