Unable to utilize U2F usb token in Kiosk mode deployment of Chrome OS app

[Bart de Ruijsscher]

Hello,

we are developing an extension (app) for Chrome OS which should allow the user to insert a USB key to allow U2F authentication on a FIDO server. The FIDO server is setup by us as well and located on appspot. When the user inserts a USB key into the Chrome device, it redirects the user to a Fido authentication page.

The application runs fine on a regular (developer) chrome device. However, the target scenario requires us to implement the app in Kiosk mode through Google Admin console.

We have been able to run and deploy our application succesfully, even our application is able to detect insertion of the USB key. However, when the (app spot hosted FIDO server) attempts to communicate with the USB key, it seemingly fails.

The manifest of our app is contains the following permissions entry:

    "https://our-appspot-fido-server-link-here.appspot.com/*",

    "webview",

    "appview",

    "fullscreen",

    "app.window.fullscreen.overrideEsc",

    "idle",

    "power",

    "hid",

    "usb",

    {

        {

          "vendorId": 4176,

          "productId": 288

        }

      ]

    },

    "enterprise.deviceAttributes",

    "serial",

We don't seem to be able to get this working in Kiosk mode, it does however function properly in regular Chrome user mode.

Are there any suggestions as how to get this working?

Many thanks in advance, regards

Bart