Steps to reproduce:
- Sign up to a website (e.g. https://webauthn.io) using Safari and the built-in Touch ID authenticator, on Monterey or newer (I think).
- Try to log into that website (e.g. https://webauthn.io) in Orion using the account you created in Safari: enter the same username, and notice you can't use Touch ID for this.
Expected behavior:
This is not an Orion bug per se, but some thought should be given to how to onboard a new user who uses Safari and the built-in Apple WebAuthn authenticator. When they use Orion, I think they will generate different WebAuthn keys (and not be able to use existing WebAuthn keys), due to keychain compartmentalisation or similar (I've not found the developer docs for WebAuthn yet). I assume that a different app on the Mac will have a different WebAuthn root seed (perhaps via bundle ID or developer ID or similar?).
As a user migrating from Safari to Orion, it would be quite difficult to migrate your authentications.
- First, you need to find out what sites you have an account with (is there a record created anywhere for this, like in Keychain or your Apple ID? I don't use Keychain sync or iCloud, but Touch ID works for WebAuthn in Safari and Orion, so it must work at the system level).
- Second, you need to log into those sites and disable WebAuthn, or add a new authenticator. Since you cannot log in via Orion, you'll really struggle to add an Orion authenticator to these sites. It's not like a hardware dongle you can use in multiple browsers!
- Third, you'll probably figure out it's not worth switching, and stick with Safari for those sites (or in general), as you can't migrate to the new browser without some deep understanding of WebAuthn and keychains. I've not found how it works yet, so it's not immediately obvious to an end user: there are no "plaintext" secrets in Keychain Access you can look at, that I've spotted at least.
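Added example, not part of the bug report or of Orion: a relying-party login flow written against the plain WebAuthn API that handles the situation described above, where the account's registered platform credentials were created in another browser and so are not present in this one. It assumes the caller injects `navigator.credentials` (or a stand-in for testing), a server-issued `challenge`, and the base64url credential ids the server has on file; the `user` object passed to registration is assumed to be prepared by the caller.

```javascript
// Decode a base64url credential id (as stored server-side) into bytes for allow/exclude lists.
function b64urlToBytes(s) {
  const padLen = (4 - (s.length % 4)) % 4;
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/").padEnd(s.length + padLen, "=");
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}

// Step 1 of login: ask this browser's authenticator for an assertion with one of the
// account's registered credentials. If none of them exist here (the Safari-to-Orion
// case), get() rejects with NotAllowedError; instead of a dead end, report "onboard"
// so the UI can fall back to another factor and offer registering this browser.
async function authenticateOrOnboard({ credentials, challenge, rpId, registeredIds }) {
  const allowCredentials = registeredIds.map((id) => ({ type: "public-key", id: b64urlToBytes(id) }));
  try {
    const assertion = await credentials.get({
      publicKey: { challenge, rpId, allowCredentials, userVerification: "required" },
    });
    return { outcome: "assertion", credentialId: assertion.id };
  } catch (err) {
    // NotAllowedError also covers user cancellation and timeout; the UI treats all of
    // them the same way (offer a fallback), so no attempt is made to tell them apart.
    if (err && err.name === "NotAllowedError") {
      return { outcome: "onboard", reason: "no registered credential is available in this browser" };
    }
    throw err; // anything else (e.g. SecurityError on a bad rpId) is a real failure
  }
}

// Step 2 of onboarding, after the user has passed a fallback factor: register this
// browser's platform authenticator as an ADDITIONAL credential on the same account.
// excludeCredentials carries the ids already on file so an authenticator that does
// hold one of them refuses to mint a duplicate rather than silently doubling up.
async function registerAdditionalAuthenticator({ credentials, challenge, rpId, user, registeredIds }) {
  const excludeCredentials = registeredIds.map((id) => ({ type: "public-key", id: b64urlToBytes(id) }));
  const cred = await credentials.create({
    publicKey: {
      challenge,
      rp: { id: rpId, name: rpId },
      user,
      pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
      authenticatorSelection: { authenticatorAttachment: "platform", userVerification: "required" },
      excludeCredentials,
    },
  });
  // The server must store the new id alongside the old ones, not replace them:
  // the Safari credential keeps working in Safari, the new one works here.
  return { newCredentialId: cred.id, registeredIds: [...registeredIds, cred.id] };
}
```

In a page this would be called with `credentials: navigator.credentials`; the exception-driven branch is what turns "Touch ID doesn't work here" into a guided add-this-browser flow.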