Windows 10 version 1903 about webauthn HOT 11 OPEN

Thanks for the feedback about MacOS. Do you have a fingerprint reader on your Mac, and did that work?

Re 1903, I find that in all browsers, Windows Hello doesn't currently offer me the option of using a Yubico key even though I have registered it. I don't understand why at the moment.

Before 1903, I believe the key was being handled by the browser directly rather than Windows Hello.

from webauthn.

No, I do not have a fingerprint reader on the Mac, but I will buy some for testing ...
on the other hand it works well with fingerprints with Firefox and Chrome on an Android phone.

from webauthn.

Thanks.

If you were testing Fireforx with Windows Hello and Key through webauth.savesnine.info could you have another go now?

I was able to register my Yubico key if I turned on the usually commented out 'cross-platform' line in prepareChallengeForRegistration, and discovered it was returning a different value for fmt than before 1903. Allowing this lets it proceed, so I am hopeful it will in your case too where it doesn't seem to need cross-platform. (I am assuming that cross-platform allows you to use the key on other computers by identifying the key directly, rather than storing the identity as Windows Hello, which only works on one computer but with any of its enabled identity methods).

If you were using the code directly in your own test, I've updated the master with this same change.

from webauthn.

See also #34 - I made cross-platform an option

from webauthn.

Hello @davidearl

I still have the same problems with the latest changes!
on the other hand I put this in comment and everything works well everywhere under Windows!

why the "fmt" can not be "fido-u2f"?
yet it works by having this value of "fmt"!

/*if ($ao->fmt == 'fido-u2f') {
            $this->oops("cannot decode FIDO format responses, sorry");
  } elseif ($ao->fmt != 'none' && $ao->fmt != 'packed') {
            $this->oops('cannot decode key response (4)');
  }*/

from webauthn.

In fact I do not have a Windows 10 on a physical station, it is a virtual instance with Virtualbox, and Virtualbox crashes as soon as I use the keys! I should have a computer with Windows 10 to be sure! (I hate Windows !!!!!!) ;-)

from webauthn.

The code is essentially a translation of one of the original examples, which was in JavaScript. That example specifically excluded fido-utf2 , which is the precursor to webauthn, which presumably your key us. But if it works with that, there doesn’t seem any good reason to exclude it.

from webauthn.

I am not sure that the option "discouraged" is secure !!
With your latest changes, Windows Hello saves the key, but as soon as you want to save the key in another application, it saves it without asking!
more when I want to use your library, the browser no longer asks for the key, it takes direct Windows Hello!

$result->authenticatorSelection->userVerification = 'discouraged';

from webauthn.

you see this project ? (branch webauthn)

https://github.com/Firehed/u2f-php/tree/webauthn

from webauthn.

I have the same problem. Login on Windows 1903 works, but registration of a new key does not work. In the past Firefox was showing a small popup, telling the user to insert the key and press the button. Now it's a Microsoft popup ( Microsoft Hello?), and now it does not work anymore.

It's the
$ao->fmt == 'fido-u2f'
check that fails with "cannot decode FIDO format responses, sorry"

If I comment the if-statement (and the elseif) like @hregis wrote, it works fine.

from webauthn.

You won't see a popup from Firefox anymore. It's an update of 1903 that all goes through Windows Security. If you try it out here you'll get the same results
https://webauthn.io/

Also, see #27 (comment)

from webauthn.