Comments (11)
Can confirm github works too
(this is good for me upping all my security)
from kr-u2f.
@frankh what site is this for? I thought chrome dropped support for the token binding standard anyways..?
from kr-u2f.
I've done some more research and it seems that token-binding is not supported anywhere
It's a private project that's requiring this flag, I'll bug them to remove the requirement.
from kr-u2f.
Actually, it does look like this is a bug
According to the spec[1], the only valid values for this field are "supported" and "present" - so "not-supported" causes it to be rejected, but skipping the field entirely works.
I think the fix is to simply remove the field from the clientData here
Line 164 in f9599d4
[1] https://www.w3.org/TR/webauthn/#dom-collectedclientdata-tokenbinding
from kr-u2f.
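The behaviour described in the comment above, written out as a relying-party-style check on `clientData.tokenBinding`. This is an added example, not code from this thread, from kr-u2f, or from any site mentioned here; the function name `checkTokenBinding` and the sample clientData objects are constructed for illustration.

```javascript
// Added example: validate the optional tokenBinding member of clientDataJSON.
// Per the spec linked in the thread, status may only be "supported" or "present".
const VALID_STATUS = new Set(["supported", "present"]);

// Returns { ok: true } or { ok: false, reason } for a clientDataJSON string.
function checkTokenBinding(clientDataJSON) {
  let clientData;
  try {
    clientData = JSON.parse(clientDataJSON);
  } catch (e) {
    return { ok: false, reason: "clientDataJSON is not valid JSON" };
  }
  if (clientData === null || typeof clientData !== "object") {
    return { ok: false, reason: "clientData must be a JSON object" };
  }
  // The member is optional: omitting it entirely is accepted.
  if (!("tokenBinding" in clientData)) return { ok: true };

  const tb = clientData.tokenBinding;
  if (tb === null || typeof tb !== "object") {
    return { ok: false, reason: "tokenBinding must be an object" };
  }
  // "not-supported" is not in the enum, so a strict verifier rejects it.
  if (!VALID_STATUS.has(tb.status)) {
    return { ok: false, reason: `invalid tokenBinding.status: ${JSON.stringify(tb.status)}` };
  }
  // The spec also requires an id when status is "present".
  if (tb.status === "present" && typeof tb.id !== "string") {
    return { ok: false, reason: 'status "present" requires tokenBinding.id' };
  }
  return { ok: true };
}

// Constructed sample inputs (challenge and origin are placeholders).
const base = { type: "webauthn.get", challenge: "Y29uc3RydWN0ZWQ", origin: "https://example.com" };
const samples = {
  omitted: JSON.stringify(base),
  notSupported: JSON.stringify({ ...base, tokenBinding: { status: "not-supported" } }),
  supported: JSON.stringify({ ...base, tokenBinding: { status: "supported" } }),
  presentNoId: JSON.stringify({ ...base, tokenBinding: { status: "present" } }),
};

for (const [name, json] of Object.entries(samples)) {
  console.log(name, checkTokenBinding(json));
}
```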
Created a PR here #30
from kr-u2f.
It seems this was valid at some point, but is no longer, see: w3c/webauthn#914
from kr-u2f.
While the PR looks good wrt to the spec, I wonder if this will break other sites that maybe also don't realize this spec change (especially sites that support U2F only). Have you tested this change with sites like Google, Dropbox, etc...?
from kr-u2f.
I just tested with Google and Dropbox and can confirm they still work. It also seems that my Yubikey 5C doesn't send this field in clientData, so anything that supports that should work with this change
from kr-u2f.
Hm I would also test with a site that is U2F only, i.e. maybe GitHub & GitLab (Google and Dropbox both are webauthn). Might need to set/send the field differently based upon the protocol but I'm not sure.
from kr-u2f.
hi, just wondering if you're considering merging this?
from kr-u2f.
Sorry for the delay, I had merged this a little while back.
from kr-u2f.