36

danhcole Also, a note for failed 2fa interactions, there is no way to see a failure, or for the website to prompt the user for another 2fa method, other than waiting for the u2f interaction to timeout (and again, there's no indication that there's even an issue)

      2 months later

      Steps to reproduce:
      Try adding a YubiKey via FIDO2 (not YubiKey OTP) that has a PIN code registered to it, on a site that requires entering that PIN such as https://anonaddy.com

      Orion and macOS:
      Orion 0.99.109.1-beta (WebKit 613.1.12)
      macOS Version 12.1 (Build 21C52)
      MacBookAir10,1

      Enabled Extensions:

      • Bitwarden - Free Password Manager (chrome)
      • uBlock Origin (chrome)
      • Bypass Paywalls Clean (firefox)

      Disabled Extensions:

      Non Default Settings:

      • AutofillEnabled => 0
      • ShowFullWebsiteAddress => 1
      • ContentBlockerLastUpdated => 2021-12-21 00:00:00 +0000
      • CustomAppIcon => appicon2
      • CustomAppIconData => {length = 234817, bytes = 0x89504e47 0d0a1a0a 0000000d 49484452 ... 49454e44 ae426082 }
      • ShowBackgroundImageOnStartPage => 0
      • backgroundImageOnStartPage => file:///System/Library/Desktop%20Pictures/Solid%20Colors/Soft%20Pink.png
      • isBackgroundImageDarkOnStartPage => 1
      • ShowRecommendationsOnStartPage => 1
      • FirstLaunch => 0
      • FirstTimeWebExtensionNotice => 1
      • HyperlinkAuditingEnabled => 0
      • LastUsedBuildVersion => 109.1
      • PreCompiledContentRuleListVersion => 109.1
      • LastCrashCheckDate => 2021-12-25 10:15:36 +0000
      • NetworkPredictionEnabled => 0
      • NextBookmarkID => 12
      • NextDownloadID => 15
      • SavedWindowSize => 1280.0,875.0
      • SavedWindowPosition => -2560.0,-0.0
      • SearchSuggestEnabled => 0
      • SendCrashReports => autoSend
      • QuitWithConfirmation => 1
      • CurrentToolbarSize => small
      • ActivePreferenceTab => privacy
        Merged 2 posts from YubiKey 5, no prompts for PIN Code, silently fails.

          Just got access to the iOS beta but saw that I can’t login to websites with security keys. I think it would be really nice if support for security keys was added.

            Merged 1 post from Add support for security keys.
              4 months later

              Not able to logging into AWS console. Until this is resolved, the browser is not usable for anyone who is doing serious development on AWS.

                a month later

                MFA with Yubikey 5 does work for me (at least on Cloudflare), but it often requires plugging it in-and-out a couple times and clicking the retry button.

                  a month later
                  Merged 10 posts from Security key (FIDO2/U2F) doesn't prompt, and doesn't display errors.

                    @gp and others..

                    1. Is WebAuthN the only API we need to support?

                    2. Are you aware of any macOS/iOS dev docs/libraries to make this job easier?

                    • gp replied to this.
                      Vlad changed the title to Support for WebAuthn .

                        Vlad

                        I will revisit this later, as I think it actually “works” behind the scenes in Orion, just without the UI over the top.

                            Vlad

                            Pleased to report that Orion does indeed currently "support" WebAuthn. There is no UI around the feature however, so a user will not be aware it is there, or working.

                            WebAuthn can be tested at https://webauthn.io/ - enter a random username, leave everything at defaults, and hit register. You won't see a pop-up prompt here (this is where you will want to look to Safari behaviour), but if you have a U2F/webauthn token plugged in, the LED will flash to prompt you to authenticate by pushing the button.

                            You can then repeat this process, clicking "login", and again the LED will flash (without Orion prompt). Press the button on the Webauthn dongle, and you'll get "logged in".

                            The Safari flows for reference.

                            1. After pressing register:

                            (No text changes whether the token is plugged in or not)

                            1. After pressing login (slightly different message, as register != login to the token)
                              4 days later

                              If Platform (TPM) authentication is used on webauthn.io on safari or chrome/vivaldi/etc, it will allow for the use of Touch ID on macs and Touch ID or Face ID on iDevices. Screenshots of macOS Safari attached for reference:


                                Possibly unrelated but Orion on iOS has full WebAuthn support, even with the new passkeys on iOS 16.

                                  a month later
                                  10 days later

                                  vordenken yes, this is iOS Orion only.
                                  WebKit browsers on iOS (read: all browsers) get WebAuthn and Payments for free.

                                      vordenken WebauthN is supported on Orion macOS. if it does not work for oyu open an issue with steps to reproduce.