W3C home > Mailing lists > Public > public-webauthn@w3.org > November 2021

Re: [webauthn] Breaking change in Chrome 95/W10 (#1677)

From: Anders Rundgren via GitHub <sysbot+gh@w3.org>
Date: Tue, 02 Nov 2021 12:16:39 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-957423911-1635855397-sysbot+gh@w3.org>
After digging into the Chrome source, I found some interesting lines:
```C++
  if (win_native_api_enabled()) {
    const std::u16string desc = l10n_util::GetStringUTF16(
        IDS_WEBAUTHN_TRANSPORT_POPUP_DIFFERENT_AUTHENTICATOR_WIN);
    mechanisms_.emplace_back(
        Mechanism::WindowsAPI(/*unused*/ true), desc, desc,
        GetTransportIcon(AuthenticatorTransport::kUsbHumanInterfaceDevice),
        base::BindRepeating(&AuthenticatorRequestDialogModel::StartWinNativeApi,
                            base::Unretained(this), mechanisms_.size()),
        // The Windows API should have priority unless caBLE does or if there
        // are linked phones.
        !priority_transport.has_value() && paired_phones_.empty());
  }
```
Since I have no registered Bluetooth pairings or linked phones in my computer, I don't understand what is happing here.  For services like GitHub and webauthn.io which specifies credentialId during get(), it does IMO not work as expected because caBLE or linked phones are equally much external tokens as one connected via USB.

https://bugs.chromium.org/p/chromium/issues/detail?id=1265063

-- 
GitHub Notification of comment by cyberphone
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/1677#issuecomment-957423911 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 2 November 2021 12:16:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 07:26:44 UTC