iOS BLE authenticator Webauthn Register issue (only in Google Chrome)

[Ahmad Syarif]

Hi,

I am Developing a mobile BLE authenticator application for both Android and iOS. 

I tested the app to register and login on Webauthn.io with 3 different browsers:

1. Microsoft Edge (44.19041.1.0)
2. Mozilla Firefox (88.0.1)
3. Google Chrome (90.0.4430.93)

For Android  BLE authenticator, it run smoothly on those 3 different browsers.

Meanwhile for iOS BLE  authenticator, it run smoothly only in Microsoft Edge and Mozilla Firefox (Attached the screenshot). However in Google Chrome, the Registration in Webauthn.io did not run smoothly. It throw an error DOMException: The operation either timed out or was not allowed. 

Below is full registration response constructed in iOS:83055200a30258a474a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef04500000000326adcf00cef46d0939298d6c4a84a800020e084209a97f85d67cd917b8fec8ace12462a580205cc0d814a3a53e7c90bc473a5225820876b8f672186d90e2bd945ec5ac626f7356d463f5eb879e10190463e3b2bbb762001010203262158201a2c2e80d16d4ec95ea07fdf0da7d36c086af15918570d6d683a1640c9da92e603a363783563815904453082044130820229a003020102020101300d06092a864886f70d01010b05003081a13118301606035504030c0f4649444f32205445535420524f4f543131302f06092a864886f70d0109011622636f6e666f726d616e63652d746f6f6c73406669646f616c6c69616e63652e6f726731163014060355040a0c0d4649444f20416c6c69616e6365310c300a060355040b0c03435747310b3009060355040613025553310b300906035504080c024d593112301006035504070c0957616b656669656c64301e170d3138303532333134333934335a170d3238303532303134333934335a3081c23123302106035504030c1a4649444f32204241544348204b4559207072696d6532353676313131302f06092a864886f70d0109011622636f6e666f726d616e63652d746f6f6c73406669646f616c6c69616e63652e6f726731163014060355040a0c0d4649444f20416c6c69616e636531223020060355040b0c1941757468656e74696361746f72204174746573746174696f6e310b3009060355040613025553310b300906035504080c024d593112301006035504070c0957616b656669656c643059301306072a8648ce3d020106082a8648ce3d030107034200044f3a5e5eab6c1fbcae97f6df644996762c7bef7200402a76c6f230f6556f17aa999b597fc4bf508aaf8e9ef0cd013f5ab9bd27914bf0804378cbccb11b89b546a32c302a30090603551d1304023000301d0603551d0e04160414564df7c0f8c655b6a11f6c4d19f3bf41e2fd0179300d06092a864886f70d01010b0500038202010087dda09ff8208905d12d41ce09a4e9d47a5c061b0ec3c6704ca241c7060af32710e7f4115c170c462f1ac557b11f61e85034e0feef8392f1f65181988d7fd1031806221e1d3e0aca5f056776d330888e509d0c1732870ab73cb27ae490bfa20dc24fd00ae24be4b380c8fb4d5163136ff52f09c7585a3b5960539e61048af53ffa76d592a7a5c08484f8c1fdc205ac726a2f988919f79df8b5e78bd4aeab6e0e1e7a78e0caefe21ece0f67a5bb9c967dd7c56fe4461b64d85111481981a28ec8a2d3ddf0d1930139f052fb75eafc3ac77996d9aeb364638e79809099e5e57cdcdaedf49f7f505d1564797f8709d20140bf6f7b4dfe5d19942f643dc373243d389789dd1410f629d7d0d871935fba726d62d9ef21f604cdee8b63a989a71a3b377b384f75ac7601dae67243b8dd836e7217d33c408f4d1ccfe2b428dd06f018b784024fc757ea0999888191d85fd85d902cc9bb49d7aa6752638355b5bcd253dbcf2f8f510617efda29783f6ee8c068af3afd834f049696f51770e049df1548b96c47640f9652a5e007090cc20e7d91ce4063b36ad315ee2a445516b42f91678c05a91c7bd235cb230f80ae979eb698edcc948da90b2a3e512fa72331b95d998e7aee036ff2b0fdd10f3a8db3b47c25534a8a27b44406c6edeb78dd42d9702ee88b1f09298b09eb00e65fc1b2cbbbd633e2d2f57899507dfbb04bf02896ccfb1c637369675847304502204513b1b3297e596aecf0f4c0f9891a6ce2e36d949bc35964b38bfd132a5d8d0d022100ef80810b7a976dd314c1f20b9e98f20294542f2c4adc8be8f3cc26b7cd14aed363616c672601667061636b6564

I have double confirmed that there is no problem with the constructed response and fragmentation. As the app able to run smoothly in other browsers (Microsoft Edge and Mozilla Firefox).

Anyone else here facing the same issue?

Does iOS BLE got compatibility issue with Google Chrome?

Hopefully someone can help me on this problem.

Thank you.

[Eldan Ben Haim]

Which iOS version are you testing with? With iOS 14.5 I believe that Chrome uses the native iOS FIDO2 WebAuthn client -- which should behave exactly like Safari

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/9303e221-fb00-4cd2-94ab-9696ab589868n%40fidoalliance.org.

[nuno sung]

You should check again the response's  credentialPublicKey 

>A5225820876B8F672186D90E2BD945EC5AC626F7356D463F5EB879E10190463E3B2BBB762001010203262158201A2C2E80D16D4EC95EA07FDF0DA7D36C086AF15918570D6D683A1640C9DA92E6

This is not in correct CTAP2 canonical CBOR encoding form.

Ahmad Syarif 在 2021年5月18日 星期二下午8:17:55 [UTC+8] 的信中寫道：

(..........)

Below is full registration response constructed in iOS:83055200a30258a474a6ea9213c99c2f74b22492b320cf40262a94c1a950a0397f29250b60841ef04500000000326adcf00cef46d0939298d6c4a84a800020e084209a97f85d67cd91

(.......)

I have double confirmed that there is no problem with the constructed response and fragmentation. As the app able to run smoothly in other browsers (Microsoft Edge and Mozilla Firefox).

(........)

[nuno sung]

Besides, your whole  authenticatorMakeCredential response structure  needs to be in  CTAP2 canonical CBOR encoding form  as well....

nuno sung 在 2021年5月18日 星期二下午10:53:26 [UTC+8] 的信中寫道：

[HL]

Hi there,

When you say it's not in correct form, are you referring to " The keys in every map must be sorted lowest value to highest." this rule? 

[Ahmad Syarif]

Thank you, it solved my problem.

Appreciate your help.

On Tuesday, May 18, 2021 at 10:53:26 PM UTC+8 nuno sung wrote: