Duo authenticator Touch ID Support

benmartin

This may be a relatively niche thing but since I know orion has touch ID support already implemented I don't know if this would be difficult to implement or not; the duo (which is a login 2fa authenticator) authentication process relies on either a mobile device or touch ID on chrome browser (under the guise that chrome has native touch ID support implemented). Using a chrome user agent results in the popup showing and then abruptly closing (expectedly) and while, like I said, this is a niche thing, I think it would be cool and relatively simple to add. Thanks for reading or considering.

In the context of Duo Authenticator, users can use the Orion browser instead of a browser like Chrome to authenticate their 2FA requiring organization. It saves not only the requirement of using a phone but also the requirement of using the chrome browser, incredibly convenient in the context of my education institution requiring 2FA through Duo on every login.

benmartin

I meant to sponsor this issue but I didn't put the link in the paypal comment; I did donate with the same email as my account though. Thanks to whomever considers this and thank you for maintaining orion browser

gp

At first glance I thought this might be FIDO2, but it looks to be something Chrome-specific (perhaps unlocking a stored password or similar?) - https://guide.duo.com/touch-id

Enrollment and authentication with Touch ID is limited to Google Chrome on MacOS because Chrome has built-in native support to address TouchID on MacOS.

(https://help.duo.com/s/article/5326?language=en_US)

I wonder if it would be easier to enrol Orion with TouchID as a (virtual) "FIDO2" token?

benmartin

Noticed something else that may help if devs choose to fix this; using my laptop in headless mode does not crash the popup touchid mode, so it seems as though in this context orion is successfully making a request to touch id and it is after it makes the request to touch id that the window closes, as in headless mode touchid is automatically disabled in contexts where it would be requested

benmartin

SOLVED!!! For anyone in this same particular situation adding touch ID from orion browser makes this work.. I don't know why I didn't try that before and I don't know what difference it makes but it works and that is all that matters. Nothing to implement here, lol. I originally had added touch ID from chrome as I hadn't thought to change the user agent until after I had added touch ID as an authentication method, but if you change your user agent before and add it from orion everything works perfectly. Great work from orion devs for doing this unintentionally lol

Haarolean

This most likely is pass keys