0

fido: work around macOS framework bug with providerName in 13.*

CL:6213993 added plumbing of the
ASAuthorizationWebBrowserPlatformPublicKeyCredential providerName
attribute into WebAuthn UI. That property is documented available in
macOS 13.3+. In practice, accessing it on any macOS version 13.* results
in a NSInvalidArgumentException. Work around this by only passing
providerName in 14.* and newer.

Fixed: 407900955
Change-Id: I069ca373531bdc958dc6a813f235d6d9f8178ca6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6431285
Reviewed-by: Nina Satragno <nsatragno@chromium.org>
Auto-Submit: Martin Kreichgauer <martinkr@google.com>
Commit-Queue: Prudhvikumar Bommana <pbommana@google.com>
Cr-Commit-Position: refs/heads/main@{#1442765}
This commit is contained in:
Martin Kreichgauer
2025-04-04 10:53:25 -07:00
committed by Chromium LUCI CQ
parent 6785a8c3ec
commit fe5210d58a

@ -248,6 +248,12 @@ class API_AVAILABLE(macos(13.3)) Authenticator : public FidoAuthenticator {
-> bool { return allow_list_cred.id == cred_id; })) {
continue;
}
std::optional<std::string> provider_name;
if (@available(macOS 14.0, *)) {
// `providerName` is documented available in 13.3+, but appears broken
// in 13.* (see https://crbug.com/407900955)
provider_name = cred.providerName.UTF8String;
}
ret.emplace_back(AuthenticatorType::kICloudKeychain, rp_id,
std::move(cred_id),
PublicKeyCredentialUserEntity(
@ -255,7 +261,7 @@ class API_AVAILABLE(macos(13.3)) Authenticator : public FidoAuthenticator {
/* iCloud Keychain does not store
a displayName for passkeys */
std::nullopt),
cred.providerName.UTF8String);
std::move(provider_name));
}
const auto has_credentials =
ret.empty() ? FidoRequestHandlerBase::RecognizedCredential::