Opened 19 months ago

Last modified 11 months ago

#18426 new enhancement

Webkit: WebAuthn support

Reported by: kallisti5 Owned by: pulkomandy
Priority: normal Milestone: Unscheduled
Component: Kits/Web Kit Version: R1/beta4
Keywords: Cc: nephele
Blocked By: Blocking:
Platform: All

Description (last modified by kallisti5)

WebPositive badly needs FIDO2 / Webauthn support.

Passwordless logins (pure OTP auth) are taking off (removing the password concept from OTP), and we have zero support. As these Webauthn / passwordless services become more widely accepted, users will begin to be unable to login to their favorite web applications from Haiku

Devices like the Yubikey present as USB HID devices, so hardware already works today.

1050:0407 /dev/bus/usb/1/2 "Yubico.com" "Yubikey 4/5 OTP+U2F+CCID" ver. 0437

Usage is already pretty wide-spread across browsers: https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API#browser_compatibility

Attachments (2)

auth.png (46.3 KB ) - added by kallisti5 19 months ago.
Example webauthn in Opera
webauthn.png (434.4 KB ) - added by kallisti5 19 months ago.
example in webpositive

Download all attachments as: .zip

Change History (7)

comment:1 by kallisti5, 19 months ago

As a side note, I'm pretty sure Haiku, Inc. would be willing to fund some FIDO2 devices to any developers interested in improving support.

One motivation for me was looking at passwordless.dev, we could really use an external user directory, and passwordless logins via FIDO2 devices is compelling.

by kallisti5, 19 months ago

Attachment: auth.png added

Example webauthn in Opera

by kallisti5, 19 months ago

Attachment: webauthn.png added

example in webpositive

comment:2 by kallisti5, 19 months ago

Description: modified (diff)
Summary: FIDO2 support in WebPositiveWebAuthn support in WebPositive

comment:3 by kallisti5, 19 months ago

Looking at the webkit port... --[no-]web-authn is a flag for build-webkit. I'm assuming we need some extra bits wired up for it? Going to try a local webkit build with it and see what happens.

comment:4 by kallisti5, 19 months ago

/sources/haikuwebkit-HaikuWebKit-1.9.4/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h:41:11: error: declaration of 'using MediationRequirement = enum class WebCore::MediationRequirement' changes meaning of 'MediationRequirement' [-fpermissive]
   41 |     using MediationRequirement = MediationRequirement;
      |           ^~~~~~~~~~~~~~~~~~~~
/sources/haikuwebkit-HaikuWebKit-1.9.4/Source/WebCore/Modules/credentialmanagement/CredentialRequestOptions.h:38:12: note: 'MediationRequirement' declared here as 'enum class WebCore::MediationRequirement'
   38 | enum class MediationRequirement : uint8_t { Silent, Optional, Required, Conditional };
      |            ^~~~~~~~~~~~~~~~~~~~

hm

comment:5 by nephele, 11 months ago

Cc: nephele added
Component: Applications/WebPositiveKits/Web Kit
Keywords: FIDO2 Webauthn removed
Summary: WebAuthn support in WebPositiveWebkit: WebAuthn support

Hi kallisti5, totally missed this one since I don't check webpositive tickets. :)

I'm assuming we first need some OS level support for this, but I will investigate the webkit side once I have time to do so.

Note: See TracTickets for help on using tickets.