CTAP2 on MAC browsers

[Chung Hsuan Yeh]

Hi,

I am developing a FIDO2 USB token which supports both FIDO2 and U2F.

When I tested my token on Windows PC with the test site (https://webauthn.io/), I could receive CTAP2 request.

Then I tested on MAC with Chrome, Edge, Safari, and  none of them sent CTAP2 request but the U2F request instead.

Here's the response of the authenticatorGetInfo command:

{

 1: ["FIDO_2_0", "U2F_V2"], 

 2: ["hmac-secret"], 

 3: h'EC31B4CC2ACC4B8E9C01BADE00CCBE26', 

 4: {"plat": false, "rk": true, "up": true, "uv": false, "clientPin": false}, 

 5: 1200, 6: [1]

}

Any help would be highly appreciated.

Jay

[Ackermann Yuriy]

Browsers generally default to the U2F in non-uv scenarios. Try setting userVerification to "required"

Additionally: You can remove "plat" from your getInfo.options. *)

Regards. Yuriy 

Yuriy Ackermann

FIDO, Identity, Standards

skype: ackermann.yuriy

github: @herrjemand

twitter: @herrjemand

medium: @herrjemand

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/b7712ac9-58d7-4c0f-8f84-8b6851c05686n%40fidoalliance.org.

[nuno sung]

Correct the options' order, "The keys in every map MUST be sorted lowest value to highest".

https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#ctap2-canonical-cbor-encoding-form

[Chung Hsuan Yeh]

Thanks a lot!

Indeed, changing the  option encoding order from

4: {"plat": false, "rk": true, "up": true, "uv": false, "clientPin": false} to 4: { "rk": true, "up": true, "uv": false, "plat": false,"clientPin": false} solves the problem.