Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

multiple calling of startAuthentication in conditional autofill causes reset to clear webauthnAbortService

See original GitHub issue

when startAuthentication is called multiple times in succession, the createNewAbortSignal is called 3 times options.signal = webauthnAbortService.createNewAbortSignal();

However the corresponding reset is called later also 3 times causing WebAuthnAbortService.controller to be undefined. i.e. the abort controller of the last call is lost webauthnAbortService.reset();

Here is my proposal to fix this.

change the reset method to accept an abortController

  reset(abortSignal) {
    if (this.controller?.signal === abortSignal) {
      this.controller = undefined;
    }
  }

call the reset method with the associated controller, so this way the controller is not overriden

webauthnAbortService.reset(options.signal);

Here is an attached video of the symptoms:

https://user-images.githubusercontent.com/100665288/192169058-3585728f-eee8-4c2c-a04c-4e89f31f4089.mov

Issue Analytics

State:
Created a year ago
Comments:10 (5 by maintainers)

Top GitHub Comments

2reactions

MasterKalecommented, Sep 28, 2022

@sameh-amwal I have a PR ready with a fix. If you’re comfortable with cloning and npm install’ing file paths you should be able to test it locally with something like this:

$> git clone https://github.com/MasterKale/SimpleWebAuthn.git
$> cd SimpleWebAuthn
$> git checkout fix/webauthn-abort-controller-race-condition
$> npm install
$> npm run build:browser
$> cd ../my-project
$> npm install ../SimpleWebAuthn/packages/browser
$> npm start

NPM does support npm install’ing branches on a repo, but unfortunately because SimpleWebAuthn is a monorepo you have to jump through a few extra steps instead.

If the steps above prove too tricky then let me know and I can cut a new alpha release for you to simply npm install and confirm the fix.

1reaction

sameh-amwalcommented, Sep 28, 2022

Alright, so I can take this comment to mean that the fix in #275 successfully addresses this issue?

Absolutely. Thanks for the fix 🙏

Top Results From Across the Web

Support Filtering by allow list in Conditional UI #1793 - GitHub

As I worked on implementing Conditional UI, I realized that while the confirming credentials can only be for the currently authenticated ...

Implementing a simple autofill / conditional UI flow for passkeys

This will prompt the user with a credential if one is discovered on the device that matches the current origin of the webpage....

Apostille Documents | General Information - GSCCCA

General Apostille Information. GSCCCA Document Authentication. Georgia has two separate and distinct state agencies authorized to authenticate documents.

Requesting Authentication Services - travel.gov

State.Gov. U.S. DEPARTMENT of STATE — BUREAU of CONSULAR AFFAIRS ... The fee to authenticate documents has increased to $20 per document for...