Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Calling startAuthentication with a pending conditional UI auth fails in iOS 16.1 simulator

See original GitHub issue

Hello again, I have tested the conditional UI support in the browser library and it is working great both on Safari 16.1 on Mac and Chrome Canary. however there seems to be a problem when testing it on mobile safari on iOS 16.1 simulator (doesn’t seem to work on existing iOS 16 simulator). It does seem that when there is an outstanding startAuthentication call with useBrowserAutofill true, if the traditional webauth is used for signing in, it aborts the outstanding conditional UI but it starts the new request before the aborted request being fully aborted resulting in that call failing. Calling the startAuthentication method again in exactly the same way but without outstanding request works fine then.

Here is a successful conditional UI sign in

https://user-images.githubusercontent.com/100665288/193427560-d15eb783-c3b8-49ab-a769-b7da948be572.mov

Here is the traditional webauth sign in. Notice the first attempt fails with error at 00:05

NotAllowedError: No available authenticator recognized any of the allowed credentials
WebAuthnError — index.js:48
identifyAuthenticationError — index.js:185
(anonymous function) — index.js:237
asyncFunctionResume
(anonymous function)
promiseReactionJobWithoutPromise
promiseReactionJob

https://user-images.githubusercontent.com/100665288/193427498-6fd07c52-e5cc-4bf4-b781-a29f0e825f69.mov

In the example code here it seems the calling for normal request happens at the error handling of aborting the conditional one. this seems convoluted and not sure if this is really needed to handle the abort correctly or not

let startConditionalRequest = async () => {
  if (window.PublicKeyCredential.isConditionalMediationAvailable) {
    console.log("Conditional UI is understood by the browser");
    if (!await window.PublicKeyCredential.isConditionalMediationAvailable()) {
      showError("Conditional UI is understood by your browser but not available");
      return;
    }
  } else {
    // Normally, this would mean Conditional Mediation is not available. However, the "current"
    // development implementation on chrome exposes availability via
    // navigator.credentials.conditionalMediationSupported. You won't have to add this code
    // by the time the feature is released.
    if (!navigator.credentials.conditionalMediationSupported) {
      showError("Your browser does not implement Conditional UI (are you running the right chrome/safari version with the right flags?)");
      return;
    } else {
      console.log("This browser understand the old version of Conditional UI feature detection");
    }
  }
  abortController = new AbortController();
  abortSignal = abortController.signal;
  
  try {
    let credential = await navigator.credentials.get({
      signal: abortSignal,
      publicKey: {
        // Don't do this in production!
        challenge: new Uint8Array([1, 2, 3, 4])
      },
      mediation: "conditional"
    });
    if (credential) {
      let username = String.fromCodePoint(...new Uint8Array(credential.response.userHandle));
      window.location = "site.html?username=" + username;
    } else {
      showError("Credential returned null");
    }
  } catch (error) {
    if (error.name == "AbortError") {
      console.log("request aborted, starting vanilla request");
      startNormalRequest();
      return;
    }
    showError(error.toString());
  }
}

Issue Analytics

  • State:closed
  • Created a year ago
  • Comments:5 (4 by maintainers)

github_iconTop GitHub Comments

1reaction
MasterKalecommented, Oct 3, 2022

I submitted feedback and raised it with someone at Apple (as best I can via Twitter lol)

Here’s a basic HTML reproduction page I created and included in my feedback, to prove it’s not a SimpleWebAuthn issue 😃

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Conditional UI iOS 16 Bug</title>
</head>
<body>
  <button id="btnAuth">Authenticate</button>
  <script>
    const abortController = new AbortController();

    async function startModalUIAuthentication() {
      abortController.abort('Starting modal auth attempt');

      try {
        const credential = await navigator.credentials.get({
          publicKey: {
            challenge: new Uint8Array([1,2,3,4]),
          },
        });

        console.log(credential);
      } catch (err) {
        // iOS 16 will immediately throw a NotAllowedError here
        // but still prompt for WebAuthn interaction
        console.error('Error with modal UI auth:', err);
      }
    }

    async function startConditionalUIAuthentication() {
      console.log('Starting conditional UI auth attempt');

      try {
        const credential = await navigator.credentials.get({
          publicKey: {
            challenge: new Uint8Array([1,2,3,4]),
          },
          mediation: 'conditional',
          signal: abortController.signal,
        });
      } catch (err) {
        console.error('Error with conditional UI auth:', err);
      }
    }

    document.querySelector('#btnAuth').addEventListener('click', startModalUIAuthentication);
    startConditionalUIAuthentication();
  </script>
</body>
</html>
0reactions
MasterKalecommented, Oct 3, 2022

I’m converting this into a Discussion because the issue seems to exist pretty firmly at the browser/OS level.

And if we start discussing implementation questions like, “should the modal UI get triggered from an AbortError detected when Conditional UI errors out”, that’s going to still be something handled by a project using SimpleWebAuthn as opposed to anything I could address within this library 🤔

Read more comments on GitHub >

github_iconTop Results From Across the Web

Troubleshooting · MasterKale/SimpleWebAuthn - Discussions
Calling startAuthentication with a pending conditional UI auth fails in iOS 16.1 ... recognized any of the allowed credentials" in iOS, even in...
Read more >
Simulator crashing with iOS < 1… | Apple Developer Forums
I tried iOS12, iOS12.4, iOS13.7 and they all crash with the same error. This only started since upgrading to Big Sur. Nothing has...
Read more >
Firebase UI Phone Authentication not working on simulator
It appears that going to the simulator's Device section and click "Erase All Content and Settings" fixes this problem.
Read more >
Apple iOS 16.1.2 Release: Should You Upgrade? - Forbes
While the carrier improvements are a mystery, the Crash Detection improvements are essential and should reduce the number of false calls made to ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Verification error: Invalid key for curve: "Public key is not a point"

Next page

multiple calling of startAuthentication in conditional autofill causes reset to clear webauthnAbortService