Comments
bl...@google.com <bl...@google.com> #2
ak...@google.com <ak...@google.com> #3
The error you posted states "activity is cancelled by the user". This implies the request was cancelled somehow during the request.
Can you grab a bugreport and attach it to this bug?
ha...@google.com <ha...@google.com> #4
ak...@google.com <ak...@google.com> #5
Thanks Harsh for your expansion on the information given.
@lu...@gmail.com, does your use case with attestations utilize security keys in any way (for either single or cross device cases)? For the cross device case, given the reference from Harsh, you should be able to adhere to the spec if security keys aren't used (and thus the expected 'none' use case is intended).
Would you mind adding more information alongside a bug report? That will help us understand the challenge scenario better.
Thank you for your assistance. Once you've shared the relevant details, please assign this bug back to me and we can go from there.
Description
Component used: Credentials
Version used: Credential Manager @ Google Play System updated August 1, 2024
Devices/Android versions reproduced on: Pixel 8
When I do passkey registration via credential manager there are 2 ways:
When the payload is shared to my demo Authenticator app from credential manager, I see a difference of payload received in both same device / cross device registrations. Attaching a file with the example payloads.
2 Questions:
Looking at the file, I clearly see the "attestation" property is missing in the cross device registration scenario. Why is that? If "attestation" is NOT present, am I going to assume that it will be "None" / "DIRECT" / "INDIRECT"? (Following these instructions, https://w3c.github.io/webauthn/#enumdef-attestationconveyancepreference )
The challenge that was sent by my server was NOT the one that is received by my authenticator app. The challenge changes (specifically in the cross device scenario). Why is that? Any pointers to this will be great.
Thank you