webauthn attestation on Apple macbook M1
490 views
Skip to first unread message
Cyril Labbe
Jul 6, 2021, 11:03:39 AM7/6/21
to FIDO Dev (fido-dev)
Hello,
I've been checking the webauthn capability on Apple's macbooks, and I'm confused about the Apple Macbook M1.
The website https://webauthn.io cannot handle apple's attestations (when requiring a direct attestation), but the javascript part of the attestation ceremony does complete (up to the ajax call "make credential" which then fails) with a macbook from 2019 (MacOS BigSur 11.2.3, but not a M1)
On a Macbook M1 (MACOS BigSur 11.2.3 M1), after allowing the use of touchid for this website and pressing the touchid key, I directly get a "Impossible d'achever l'opération" popup, and therefor the ajax call is not performed at all.
It seems that the macbook M1 cannot get to build the attestation (when asking for direct on indirect).
Is it some bug, or a hardware limitation, or something else?
Best regads,
Cyril Labbe.
Cyril Labbe
Jul 19, 2021, 5:02:47 AM7/19/21
to FIDO Dev (fido-dev), Cyril Labbe
I just checked on the website https://webauthn.me/debugger
Best regards.
when enabling only:
- authenticatorSelection/authenticatorAttachment => platform
- attestation => direct (same result with indirect)
I click on register, I allow the domain Webauthn.me to use touchid, I perform a valid touchid
on a MacBook M1, I get an error popup as below and a:
NotAllowedError: This request has been cancelled by the user.
on a MacbookPro, not M1, with the same macOS version, it works fine
on both devices, the api isUserVerifyingPlatformAuthenticator() returns true
As a relying party, I cannot detect/foresee that the devices will have this issue
Does anyone reproduce this issue?
Is there any workaround or fix incoming?
Best regards.
Cyril Labbe
Jul 20, 2021, 10:35:22 AM7/20/21
to FIDO Dev (fido-dev)
Bug already reported on https://bugs.webkit.org/show_bug.cgi?id=224042 (since april)
Reply all
Reply to author
Forward
0 new messages