Opened 11 months ago
Last modified 3 months ago
#18426 new enhancement
Webkit: WebAuthn support
| Reported by: | kallisti5 | Owned by: | pulkomandy |
|---|---|---|---|
| Priority: | normal | Milestone: | Unscheduled |
| Component: | Kits/Web Kit | Version: | R1/beta4 |
| Keywords: | Cc: | nephele | |
| Blocked By: | Blocking: | ||
| Platform: | All |
Description (last modified by )
WebPositive badly needs FIDO2 / Webauthn support.
Passwordless logins (pure OTP auth) are taking off (removing the password concept from OTP), and we have zero support. As these Webauthn / passwordless services become more widely accepted, users will begin to be unable to login to their favorite web applications from Haiku
- Additional Information: https://en.wikipedia.org/wiki/WebAuthn
- Additional Information: https://fidoalliance.org/fido2/
- WebAuthN: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API
- Hardware: https://www.yubico.com/products/yubikey-5-overview/
Devices like the Yubikey present as USB HID devices, so hardware already works today.
1050:0407 /dev/bus/usb/1/2 "Yubico.com" "Yubikey 4/5 OTP+U2F+CCID" ver. 0437
Usage is already pretty wide-spread across browsers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API#browser_compatibility
Attachments (2)
Change History (7)
comment:1 by , 11 months ago
comment:2 by , 11 months ago
| Description: | modified (diff) |
|---|---|
| Summary: | FIDO2 support in WebPositive → WebAuthn support in WebPositive |
comment:3 by , 11 months ago
Looking at the webkit port... --[no-]web-authn is a flag for build-webkit. I'm assuming we need some extra bits wired up for it? Going to try a local webkit build with it and see what happens.
comment:4 by , 11 months ago
/sources/haikuwebkit-HaikuWebKit-1.9.4/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h:41:11: error: declaration of 'using MediationRequirement = enum class WebCore::MediationRequirement' changes meaning of 'MediationRequirement' [-fpermissive]
41 | using MediationRequirement = MediationRequirement;
| ^~~~~~~~~~~~~~~~~~~~
/sources/haikuwebkit-HaikuWebKit-1.9.4/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h:38:12: note: 'MediationRequirement' declared here as 'enum class WebCore::MediationRequirement'
38 | enum class MediationRequirement : uint8_t { Silent, Optional, Required, Conditional };
| ^~~~~~~~~~~~~~~~~~~~
hm
comment:5 by , 3 months ago
| Cc: | added |
|---|---|
| Component: | Applications/WebPositive → Kits/Web Kit |
| Keywords: | FIDO2 Webauthn removed |
| Summary: | WebAuthn support in WebPositive → Webkit: WebAuthn support |
Hi kallisti5, totally missed this one since I don't check webpositive tickets. :)
I'm assuming we first need some OS level support for this, but I will investigate the webkit side once I have time to do so.
As a side note, I'm pretty sure Haiku, Inc. would be willing to fund some FIDO2 devices to any developers interested in improving support.
One motivation for me was looking at passwordless.dev, we could really use an external user directory, and passwordless logins via FIDO2 devices is compelling.