Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

U2F authentication doesn't work on specific websites #13564

Closed
srirambv opened this issue Mar 22, 2018 · 7 comments
Closed

U2F authentication doesn't work on specific websites #13564

srirambv opened this issue Mar 22, 2018 · 7 comments
Labels
0.22.x issue first seen in 0.22.x bug fixed-with-brave-core This issue will automatically resolved with the replacement of Muon with Brave Core. wontfix

Comments

@srirambv
Copy link
Collaborator

srirambv commented Mar 22, 2018
edited
Loading

Description

U2F authentication doesn't work on Gmail/Facebook

Steps to Reproduce

  1. Install 0.22.6
  2. Connect U2F device and Login to gmail/facebook with 2FA enabled
  3. Touch on the U2F device, doesn't login instead says try again

Actual result:
fbu2f
Console logs

[4824:14540:0322/141428.727:ERROR:extension_function_dispatcher.cc(585)] Unknown Extension API - cryptotokenPrivate.isAppIdHashInEnterpriseContext
[4824:14540:0322/141428.966:ERROR:extension_function_dispatcher.cc(585)] Unknown Extension API - cryptotokenPrivate.isAppIdHashInEnterpriseContext
[4824:14540:0322/141429.206:ERROR:extension_function_dispatcher.cc(585)] Unknown Extension API - cryptotokenPrivate.isAppIdHashInEnterpriseContext
[4824:14540:0322/141429.442:ERROR:extension_function_dispatcher.cc(585)] Unknown Extension API - cryptotokenPrivate.isAppIdHashInEnterpriseContext

Expected result:
Should login

Reproduces how often:
99%

Brave Version

about:brave info:

Brave 0.22.6
V8 6.5.254.36
rev e6ff4ea
Muon 5.1.0
OS Release 10.0.16299
Update Channel Beta
OS Architecture x64
OS Platform Microsoft Windows
Node.js 7.9.0
Brave Sync v1.4.2
libchromiumcontent 65.0.3325.162

Reproducible on current live release:
No

Additional Information

#13344
@kjozwiak was able to register the device for Gmail on mac but I wasn't
@LaurenWags was able to get it to work only when launching the browser from console
@srirambv srirambv added bug 0.22.x issue first seen in 0.22.x labels Mar 22, 2018
@srirambv srirambv added this to the 0.22.x (Beta Channel) milestone Mar 22, 2018
This was referenced Mar 22, 2018
Closed
Closed
@bsclifton
Copy link
Member

Moving out of the 0.22.x milestone; let's uplift if a fix is available

@bsclifton bsclifton modified the milestones: 0.22.x (Beta Channel), 0.24.x (Nightly Channel) Mar 26, 2018
@kjozwiak
Copy link
Member

kjozwiak commented Mar 27, 2018
edited
Loading

Only worry about this being moved out of 0.22 is that we're going to add release notes that mentions that we've added U2F support. It might get picked up by the security folks who might mention something on twitter. The first two websites that they'll probably try is Google/FB. It might look bad that we've released a feature that partially works, especially a security feature like U2F.

@evq
Copy link
Member

evq commented Mar 27, 2018
edited
Loading

I see the likely cause, there were recent changes to the CryptotokenPrivate extension functions upstream. We need to register additional functions in https://github.com/brave/muon/blob/master/atom/browser/extensions/atom_extensions_browser_client.cc#L436

Edit to add some more details:

The recent changes in chromium were in preparation for planned changes in Chromium 66 where access to attestation information will require a user authorization prompt to align with the webauthn standard (it is currently accessible by default). The functions to allow that functionality are already committed and the javascript cryptotoken extension is attempting to call them, however they are not available since we have not registered them as described above. So currently U2F attestation support is not working. Facebook depends on attestation being functional to complete enrollment thus the breakage seen in this issue.

@evq evq mentioned this issue Mar 27, 2018
Closed
@bsclifton bsclifton changed the title U2F authentication doesn't work on Gmail/Facebook U2F authentication doesn't work Jun 4, 2018
@bsclifton
Copy link
Member

+1 from @krmbzds via #518 (comment)
+1 from @kylerchin via #518 (comment)

@kjozwiak kjozwiak changed the title U2F authentication doesn't work U2F authentication doesn't work on specific websites Jun 4, 2018
@alexwykoff alexwykoff added the fixed-with-brave-core This issue will automatically resolved with the replacement of Muon with Brave Core. label Jun 12, 2018
@alexwykoff
Copy link
Contributor

We'll need a tracking issue in Brave core repos to support & package a U2F plugin per @bsclifton

@srirambv srirambv mentioned this issue Jun 12, 2018
Closed
@bbondy
Copy link
Member

bbondy commented Jun 13, 2018

@srirambv could you verify if this already works?

@bsclifton
Copy link
Member

Closing as wontfix - this is tracked in Brave Core with brave/brave-browser#324

With Brave Core, we might need to install the CryptoTokenExtension extension (that we use, per @evq 's implementation)

@bsclifton bsclifton removed this from the 0.24.x (Nightly Channel) milestone Jun 13, 2018
@bsclifton bsclifton mentioned this issue Sep 28, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
0.22.x issue first seen in 0.22.x bug fixed-with-brave-core This issue will automatically resolved with the replacement of Muon with Brave Core. wontfix
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Register new CryptotokenPrivate functions to fix breakage brave/muon
6 participants
@bbondy @alexwykoff @kjozwiak @bsclifton @evq @srirambv