fido: work around macOS framework bug with providerName in 13.*
CL:6213993 added plumbing of the ASAuthorizationWebBrowserPlatformPublicKeyCredential providerName attribute into WebAuthn UI. That property is documented available in macOS 13.3+. In practice, accessing it on any macOS version 13.* results in a NSInvalidArgumentException. Work around this by only passing providerName in 14.* and newer. Fixed: 407900955 Change-Id: I069ca373531bdc958dc6a813f235d6d9f8178ca6 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6431285 Reviewed-by: Nina Satragno <nsatragno@chromium.org> Auto-Submit: Martin Kreichgauer <martinkr@google.com> Commit-Queue: Prudhvikumar Bommana <pbommana@google.com> Cr-Commit-Position: refs/heads/main@{#1442765}
This commit is contained in:

committed by
Chromium LUCI CQ

parent
6785a8c3ec
commit
fe5210d58a
@ -248,6 +248,12 @@ class API_AVAILABLE(macos(13.3)) Authenticator : public FidoAuthenticator {
|
||||
-> bool { return allow_list_cred.id == cred_id; })) {
|
||||
continue;
|
||||
}
|
||||
std::optional<std::string> provider_name;
|
||||
if (@available(macOS 14.0, *)) {
|
||||
// `providerName` is documented available in 13.3+, but appears broken
|
||||
// in 13.* (see https://crbug.com/407900955)
|
||||
provider_name = cred.providerName.UTF8String;
|
||||
}
|
||||
ret.emplace_back(AuthenticatorType::kICloudKeychain, rp_id,
|
||||
std::move(cred_id),
|
||||
PublicKeyCredentialUserEntity(
|
||||
@ -255,7 +261,7 @@ class API_AVAILABLE(macos(13.3)) Authenticator : public FidoAuthenticator {
|
||||
/* iCloud Keychain does not store
|
||||
a displayName for passkeys */
|
||||
std::nullopt),
|
||||
cred.providerName.UTF8String);
|
||||
std::move(provider_name));
|
||||
}
|
||||
const auto has_credentials =
|
||||
ret.empty() ? FidoRequestHandlerBase::RecognizedCredential::
|
||||
|
Reference in New Issue
Block a user