Jacob Revyakin AuthN Solutions Architect Hideez Group m: +1 650 416 80 54 e: yr@hideez.com
Hi Jacob,
1. No. If the authenticator only supports CTAP2, you can still use it with Google.
2. As far as I understand, Google isn't happy with the user experience of how PINs currently work in WebAuthn. Specifically, that if the authenticator has a PIN configured, then that PIN must be entered to create a credential even if the RP doesn't want PIN to be used. Therefore Google checks if the authenticator supports U2F, and if it does, Google uses the U2F API instead of the WebAuthn API to register the credential because U2F has no PIN support.
The behaviour you see with a failed CTAP2 authentication followed
by a successful CTAP1 (U2F) authentication is how the `appid`
extension in WebAuthn works. The browser first tries to get an
assertion over CTAP2 for the WebAuthn RP ID, and if that fails, it
tries over CTAP1 for the U2F AppID.
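The `appid` fallback described above also affects the relying party. When the client reports that the AppID was used, the `rpIdHash` in the authenticator data is the SHA-256 of the U2F AppID rather than of the RP ID. The following Node.js sketch of that server-side check is an added example, not part of the original message; the function names, the RP ID and the AppID URL are constructed for illustration.

```javascript
// Added example: RP-side rpIdHash check for an assertion requested with the
// WebAuthn `appid` extension. All names and values here are constructed.
const { createHash, timingSafeEqual } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s, 'utf8').digest();

// authData: authenticator data as a Buffer (rpIdHash[32] | flags[1] | signCount[4] ...)
// appidUsed: getClientExtensionResults().appid as reported by the client
function checkRpIdHash(authData, { rpId, appId, appidUsed }) {
  if (!Buffer.isBuffer(authData) || authData.length < 37) {
    return { ok: false, reason: 'authenticator data too short' };
  }
  const got = authData.subarray(0, 32);
  const isRpId = timingSafeEqual(got, sha256(rpId));
  const isAppId = typeof appId === 'string' && timingSafeEqual(got, sha256(appId));
  if (appidUsed === true) {
    // Browser fell back to CTAP1: the U2F credential is scoped to the AppID.
    return isAppId ? { ok: true, scope: 'appid' }
                   : { ok: false, reason: 'appid result set but hash is not the AppID hash' };
  }
  if (isRpId) return { ok: true, scope: 'rpid' };
  return { ok: false, reason: isAppId ? 'AppID hash without appid extension result'
                                      : 'rpIdHash mismatch' };
}

// Constructed sample authenticator data: hash of the scope, UP flag, counter 1.
function sampleAuthData(scope) {
  return Buffer.concat([sha256(scope), Buffer.from([0x01, 0, 0, 0, 1])]);
}

const RP = { rpId: 'example.com', appId: 'https://example.com/u2f-appid.json' };
console.log(checkRpIdHash(sampleAuthData(RP.appId), { ...RP, appidUsed: true }));
console.log(checkRpIdHash(sampleAuthData(RP.rpId), { ...RP, appidUsed: false }));
console.log(checkRpIdHash(sampleAuthData(RP.appId), { ...RP, appidUsed: false }));
```

The signature over the authenticator data and client data hash still has to be verified separately; this check only decides which hash the assertion is allowed to carry.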