Cross Browser Authentication with FIDO Webauthn

[Thamindu Dilshan Jayawickrama]

Hi All,

I'm wondering whether FIDO Webauthn registration and authentication supposed to work across multiple browsers (security key registration from one browser and authentication from another browser). From what I have found, webauthn spec doesn't store anything in the browser side and hence should work across browsers. 

I have observed this is working fine with windows hello, but doesn't work with MacOS touch ID as it stores credentials in browser. I'm looking for some clarification or article with a good explanation involving platform and roaming authenticators.

Found a similar issue on stackoverflow as well without a proper answer for touch ID.

https://stackoverflow.com/a/64738203/8855629

Thank you,

Thamindu

[DUBOUCHER Thomas]

Hi,

 

Yes, it is supposed to.

 

As you discovered, Windows already provide a native APIs for browsers (https://github.com/microsoft/webauthn), whereas it is still a work in progress in OS X.

 

Consequently, browsers on Windows “share” credentials; while on OS X, Chrome, Firefox, etc, all use their own local storage, with their default implementation for Unix. It’s the same behavior currently on Debian, etc.

 

Best regards,

 

--

Thomas Duboucher

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/2242027d-85fd-4c33-9a59-ae1d5ddec72en%40fidoalliance.org.

[Thamindu Dilshan Jayawickrama]

Hi Thomas,

Thanks for your reply. Is there an official place where this OS X and Debian limitation is mentioned?

Thanks & Regards,

Thamindu