Fido2 not working in chromium source

341 views
Skip to first unread message

Techiezen

unread,
Nov 20, 2020, 5:28:18 AM11/20/20
to FIDO Dev (fido-dev)
Hi,
I have been following and building chromium open source code for quite some time now and I recently observed that Fido2 authentication is not working with that.
I get the following error logs every time I try it.

1506-4247/? I/ActivityTaskManager: START u0 {cmp=com.google.android.gms/.fido.fido2.ui.Fido2FullScreenActivity (has extras)} from uid 10210 pid -1
18486-18486/org.chromium.chrome E/cr_Fido2Request: Sent a Fido2 request to Google Play Services.
1506-7926/? D/OpQuickReply: setQuickReplyResumed focusedApp AppWindowToken{b89cc1b token=Token{1b4f62a ActivityRecord{72f5315 u0 com.google.android.gms/.fido.fido2.ui.Fido2FullScreenActivity t20582}}} pkgName com.google.android.gms
17774-17774/? I/Fido: [AuthenticateChimeraActivity] FIDO2 operation is called from org.chromium.chrome
18486-18486/org.chromium.chrome E/cr_Fido2Request: Google Play Services FIDO2 API returned an error: null

Can you please suggest if I need to do any changes for Fido2 to work in my build?
Thanks in advance.

Nguyen Van Cuong

unread,
Nov 26, 2020, 9:39:18 PM11/26/20
to FIDO Dev (fido-dev), Techiezen
It notified that you need google play services to work with FIDO2

Arshad Noor

unread,
Nov 27, 2020, 8:53:56 AM11/27/20
to fido...@fidoalliance.org
Are you surprised? A privacy protecting authentication protocol does not
serve the Google business model without a hook back into their
data-collection machine if you're using their browser or APIs in Android.

Use Firefox, Brave, Opera or Edge.

Arshad Noor
StrongKey

Dominik Schuermann

unread,
Nov 27, 2020, 9:13:22 AM11/27/20
to fido...@fidoalliance.org, Techiezen
Hi,

if you need an open source (GPLv3) FIDO2 client for Android, don't
hesitate to write me. Our SDK can be used as a drop in replacement.

More information on https://hwsecurity.dev/

Cheers
Dominik

Techiezen

unread,
Nov 30, 2020, 6:01:02 AM11/30/20
to FIDO Dev (fido-dev), Dominik Schürmann, Techiezen
Hi, thanks for your reply.
Call to Google play services is happening. But the reply from the server is an error.
Maybe the application has to be registered somewhere?

Thanks again,
Techiezen

John Bradley

unread,
Nov 30, 2020, 9:53:24 AM11/30/20
to fido...@fidoalliance.org

The WebAuthn API can be used by any app.

There are special permissions required for browsers if they are going to specify arbitrary RPID.

Not unreasonably any malicious application with the ability to specify arbitrary RPID could act as a manin the middle and cause verry bad things to happen.

If you don't care about access to the platform authenticator you could use a third party lib to talk to a external key.

The Android WebAuthn API dosen't currently support CTAP2 so if you need PIN support a third party SDK is your only option.

If you want to be put on the permissions list for the WebAuthn API unrestricted access like FireFox (was Mozilla broke it) ,  brave and Edge you need to contact the Chrome team who manage the list.

Regards

John B.

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/24c70762-c429-4a44-959e-202604b1bee5n%40fidoalliance.org.
Reply all
Reply to author
Forward
0 new messages