Issues with custom FIDO hybrid authenticator + tunnel (Safari drop / Windows linked device disappears)

[Grzegorz Kołaski]

Hi all,

I’m working on a custom mobile FIDO hybrid authenticator + custom tunnel service (The routing ID is advertised over BLE). I’m aware there are more native solutions for Android/iOS, but I still need to implement my own stack.

I’m currently stuck on two issues and would appreciate any guidance:

1) Safari (QR flow):

After scanning the QR code, Safari connects but then most of the time (not 100%) drops the WebSocket shortly after. The same flow works fine in Chrome.

Has anyone seen Safari-specific behavior that would cause the tunnel connection to close after QR scan?

2) “Simplified login” / state-assisted flow on Windows:

I can see my device registered in Windows (it appears in the registry). But when I click “Authorize”, instead of showing the device in Windows Security window, it disappears.

Is there a known requirement/trigger to force Windows to use the simplified (state-assisted) login and actually keep the device available?

Any hints, Safari quirks, or platform requirements would be really helpful.

Thanks in advance!

[Tim Cappalli]

Cross-device authentication (e.g. hybrid) is not something authenticators implement. It is implemented by the client platform. 

When you build a credential manager using credential management APIs on each respective platform, CDA is handled automatically.

tim

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/5dcc139a-22a8-4182-853d-8c75fa1de3d8n%40fidoalliance.org.