Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Webauthn PRF extension support #13

Open
hugomrdias opened this issue May 19, 2023 · 3 comments
Open

Webauthn PRF extension support #13

hugomrdias opened this issue May 19, 2023 · 3 comments

Comments

@hugomrdias
Copy link
Member

hugomrdias commented May 19, 2023
edited

Currently the demo relies on the PRF extension to handle UCAN signatures and WNFS encryption.
The support for this extension is still limited across devices and browsers, check the following sections to have a better picture of what works and what doesn't.

Auth flows tracking list

  • MacOS
    • Chrome using Yubikey ✅
    • Chrome on an Android device (Device Pairing) ✅
    • Chrome on an Android device (QR Code Pairing) ✅
    • Chrome using Touch ID ❌
    • Safari ❌
    • Firefox ❌
  • Android
    • Chrome using Device Lock ✅
    • Chrome using another Android device (Cloud Sync) ✅
  • iOS
    • Webkit ❌
  • Windows
    • 🤷🏻‍♂️

Support

Feature Android iOS MacOS Windows
Passkey 9+ ✅ 16+ ✅ 13+ ✅ 10+ ✅
Cross-Device Authentication Chromium ✅
Safari ❌		 2
Cloud Sync Safari ✅
Chromium 1 🚧
PRF Extension Chromium 3 Chromium 3,4 🚧
Safari ❌

1 Planned using iCloud.

2 No support on the OS level but works directly on Chromium.

3 Behind chrome://flags/#enable-experimental-web-platform-features, doesn't work with CDA.

4 Platform authenticator on mac doesnt support it but yubikey does.

References
@hugomrdias hugomrdias pinned this issue May 19, 2023
@0xjjpa
Copy link

0xjjpa commented Aug 17, 2023
edited

I believe based on the last comments from the intent to ship thread this has landed already in Chrome M116, right? FWIW I tested Chrome Canary m118 with beta features enabled in https://securitykeys.info/ts/test_suite.html and still got a No PRF error.

@0xjjpa
Copy link

0xjjpa commented Oct 9, 2023

FWIW not sure if it helps but largeBlob is now generally available in iOS and macOS for Safari 17. Might be a good alternative to prf if we can secure the client and only store the needed output as a largeBlob.

Feel free to test in https://glitch.com/~webauthn-large-blob

@wesbiggs
Copy link

Thanks for tracking this, really useful.

@0xjjpa it looks like there is a (possibly new?) same-origin policy enforced, to use your example I had to pop out of the glitch frame and open https://webauthn-large-blob.glitch.me/ in its own tab.

I can confirm largeBlob working on Safari 17.1 (MacOS 14.1.1) and Safari in iOS 17.1.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@hugomrdias @0xjjpa @wesbiggs