Android invalidating FIDO Authenticators

MuhammedZubair Omarjee

Jul 9, 2021, 1:33:12 AM
to fido...@fidoalliance.org
Good day,

Is there any explanation as to why Android will randomly invalidate FIDO authenticators and prompt the user of an app to go through a reset or recreate flow?

Are there any known issues? We are seeing a lot more of these scenarios happening.

Kind Regards
Mz

Arshad Noor

Jul 9, 2021, 4:43:20 PM
to fido...@fidoalliance.org, MuhammedZubair Omarjee
MZ,

Can you provide more information?

1. What do you mean by "invalidating FIDO Authenticators"? Are the
authenticators being cleared of their keys, or is the authentication
process just forced to restart?
2. Are the authenticators using the U2F, UAF or FIDO2 protocol?
3. If not UAF, what transport are they using: USB, NFC, BLE?
4. If not UAF, is your app using the WebView component for the
authentication process? Or, have you programmed your RCA to use a
specific API (such as the Google FIDO2 API)? If so, which one?
5. Have you checked the logs of your FIDO library/server to see what
errors are being reported?

Providing more detail can help readers provide better responses.

Arshad

Philipp Junghannß

Jul 9, 2021, 5:00:47 PM
to Arshad Noor, FIDO Dev (fido-dev), MuhammedZubair Omarjee
Considering Android is not actually capable of speaking CTAP2 but basically falls back to U2F for roaming authenticators, there are 2 main scenarios I could imagine.

1) FIDO2/WebAuthn platform authenticators forgetting the sites they were registered on
2) FIDO devices not recognizing the site due to separation of keys between U2F and FIDO2 modes

Regards
