WebAuthn ceremony changed for cross-platform attachment on Windows 11 23H2

146 views
Skip to first unread message

Steven Chu

unread,
Nov 14, 2023, 11:58:00 PM11/14/23
to FIDO Dev (fido-dev)
Hi All,

After upgrading my Operating System to Windows 11 23H2, I discovered that users are forced to choose between Mobile and Security Key when registering a new credential and making assertion even if the Authenticator Attachment is set to 'cross-platform'.

Is it possible for Windows WebAuthn client to recognize that a credential was registered using a USB security key previously? Next time when the user wants to authenticate to the website, the WebAuthn client can directly recognize that it needs to send the credential to a USB security key thus preventing the need for the user to select which device they want to authenticate with.

I've tried to add 'usb' to the Authenticate Transport Enumeration. However, the behavior of the WebAuthn Client stays the same.

IMO, the extra step that the user needs to do makes the experience less user-friendly. Is there any way to improve this?

Tim Cappalli

unread,
Nov 15, 2023, 10:06:13 AM11/15/23
to Steven Chu, FIDO Dev (fido-dev)
For create ceremonies, this is expected and by design as both security keys and CDA authenticators are cross-platform authenticators.

For get with an allowlist that includes credential IDs with only usb and/or nfc, there is currently a bug that will still show both security key and CDA. It will be addressed in a future update.

Tim

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/caeed984-deb0-417b-8346-381b1a82888fn%40fidoalliance.org.

Steven Chu

unread,
Nov 15, 2023, 10:19:02 PM11/15/23
to FIDO Dev (fido-dev), Tim Cappalli, Steven Chu

Ahh a bug! Thank you for clarifying.
Is the bug documented? Are we able to track the update of this issue?

Thanks in advance.

Steven

Tim Cappalli

unread,
Nov 16, 2023, 9:57:25 AM11/16/23
to Steven Chu, FIDO Dev (fido-dev), Steven Chu
You can test the fix with Chrome Canary (121+).

Tim

Reply all
Reply to author
Forward
0 new messages