DarkGhostHunter/Larapass

WebAuthn working on Chrome (Desktop) but not on Android

douglasroos opened this issue · 5 comments

The package is working fine with Google Chrome Desktop on a Windows 10 PC using Windows Hello. However, on Android the devices register successfully, as I can see the data in the log, but when trying to log in the userHandle says NULL, while on the desktop the userHandle has the UUID.

Working Google Chrome with Windows 10:

```php
array (
  'id' => 'dJjow4rF261_sEpbZKq1jPCsf122ssRZY9y4aL-qUnE',
  'rawId' => 'dJjow4rF261/sEpbZKq1jPCsf122ssRZY9y4aL+qUnE=',
  'response' =>
  array (
    'authenticatorData' => 'dVNCo7N4HwFvr8OfsnhZHulzNq/CpP4Dcq2AFBnmp4EFAAAAAg==',
    'clientDataJSON' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiLVE0ZWdMSTY5bHJMX0otN0xqY09IUSIsIm9yaWdpbiI6Imh0dHBzOi8vc3RhZ2luZy50dXJpY29pbi5uZXQiLCJjcm9zc09yaWdpbiI6ZmFsc2UsIm90aGVyX2tleXNfY2FuX2JlX2FkZGVkX2hlcmUiOiJkbyBub3QgY29tcGFyZSBjbGllbnREYXRhSlNPTiBhZ2FpbnN0IGEgdGVtcGxhdGUuIFNlZSBodHRwczovL2dvby5nbC95YWJQZXgifQ==',
    'signature' => 'odVDuyRMw9YIlx+mzhs76VcKSMvCc7C+TBKmdzZGzWLsuUdqWroAN14vxkuge2w+KKYQnfoXLUAazLe94MhIBBktAPaEvvgSPUq0DB98FMoCzI81BsB2Yi1m32KbPO+OtpEZeaWMeCSddtNTFMntb8vmorvYO1vTwQGBlJidQZS7b39Kh7ixW/G6S3YwwMHVtG/g12/JnpkpzjbzWGvrx7oHgt0vhUevnppuTZhilFvygUkRZeCspEr1KIhP+1w+xyGd4Auom+iXieuHV+hQCyfQc03e3ZO3uauqIwyrFue9CWNJ9tqAxkyupqgcf1BUJfBSLe9Dcr7cdNfjgrw0Ag==',
    'userHandle' => 'ZTc5MWJkZGEtYzRhMS00MjRiLTg2NjItZTU3YzRhYmIzNDVi',
  ),
  'type' => 'public-key',
)
```

Not Working Google Chrome on Android 10:

```php
array (
  'id' => 'Aaf2Op4CSSB0SenC-JnJ9nGKfCLrq-OO_w2K_I2nYM6vOBWCvWr-r2ECE-1a6y0j93lQIk5rugYwoX37DHZoYig',
  'type' => 'public-key',
  'rawId' => 'Aaf2Op4CSSB0SenC+JnJ9nGKfCLrq+OO/w2K/I2nYM6vOBWCvWr+r2ECE+1a6y0j93lQIk5rugYwoX37DHZoYig=',
  'response' =>
  array (
    'clientDataJSON' => 'eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiY2dWcGxTa1lfd2N2RHdiYjBrQXRsQSIsIm9yaWdpbiI6Imh0dHBzOlwvXC9zdGFnaW5nLnR1cmljb2luLm5ldCIsImFuZHJvaWRQYWNrYWdlTmFtZSI6ImNvbS5hbmRyb2lkLmNocm9tZSJ9',
    'authenticatorData' => 'dVNCo7N4HwFvr8OfsnhZHulzNq/CpP4Dcq2AFBnmp4EFAAAAAg==',
    'signature' => 'MEUCICcWlIP3H2yeSXHKGTr3SRPS6ES+tRMpLIKv+y28XRzuAiEA3pqJEbBqnZNBjVl+4PNHk3vghKE7DEm7sDiBt5AbjAQ=',
    'userHandle' => NULL,
  ),
)
```

The userHandle index is empty, so this leads to the library responding with 422.

I'll have to look into this on the next next version.

Okay, I've put an alpha for v3.0.

Check it out for any problems. I'll make a full project with it to test it thoroughly.

Figured it out. It's nullable by the W3C spec, so there is nothing wrong with the device going for a login and null'ing the `userHandle`.

The problem is that the downstream dependency demands a userHandle, so there is no fix.

Addup, this can be fixed by setting `larapass.userless` to `required`, forcing the device to always push a userHandle.

In my case this did not work. It gives me error 422 (unknown user).

The Android devices accept registering but don't accept login.
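
Because `userHandle` is nullable in an assertion, a relying party can still identify the account from the credential ID when the user was named before the ceremony; the handle is only indispensable for a userless login. The following is an added example, not code from Larapass or its dependency, and `b64_any_decode`, `resolve_user`, the in-memory `$owners` store and all sample values are hypothetical:

```php
<?php
declare(strict_types=1);

// Decode base64 or base64url, padded or not (the dumps above show both forms).
function b64_any_decode(string $value): string
{
    $std = strtr($value, '-_', '+/');
    $std .= str_repeat('=', (4 - strlen($std) % 4) % 4);
    $raw = base64_decode($std, true);
    if ($raw === false || $raw === '') {
        throw new InvalidArgumentException('invalid base64 value');
    }
    return $raw;
}

// $owners: hex(credential ID) => user handle saved at registration (hypothetical store).
// $expectedUser: handle of the account named before the ceremony, null for userless login.
function resolve_user(array $assertion, array $owners, ?string $expectedUser): string
{
    $credId = bin2hex(b64_any_decode((string) ($assertion['rawId'] ?? '')));
    $owner  = $owners[$credId] ?? null;
    if ($owner === null) {
        throw new RuntimeException('unknown credential');
    }
    $handle = $assertion['response']['userHandle'] ?? null;
    if ($handle === null && $expectedUser === null) {
        throw new RuntimeException('userless login needs a userHandle');
    }
    if ($expectedUser !== null && !hash_equals($owner, $expectedUser)) {
        throw new RuntimeException('credential belongs to another user');
    }
    if ($handle !== null && !hash_equals($owner, b64_any_decode($handle))) {
        throw new RuntimeException('userHandle does not match credential owner');
    }
    return $owner; // the assertion signature must still be verified afterwards
}

// Constructed sample data, not taken from the issue.
$owners  = [bin2hex('cred-android') => 'user-1234'];
$android = ['rawId' => base64_encode('cred-android'), 'response' => ['userHandle' => null]];
$desktop = ['rawId' => base64_encode('cred-android'),
            'response' => ['userHandle' => base64_encode('user-1234')]];

echo resolve_user($android, $owners, 'user-1234'), PHP_EOL; // account named first, null handle
echo resolve_user($desktop, $owners, null), PHP_EOL;        // userless, handle present
try {
    resolve_user($android, $owners, null);                  // userless with a null handle
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```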
