Bug 205350

Just as a point of reference, Linux Firefox supports FIDO2/WebAuthn authenticators over USB as of version 114.0 (https://www.mozilla.org/en-US/firefox/114.0/releasenotes/).

Will this be implemented sometime in the near future? This blocks my work login flow substantially (both with email w/ Thunderbird and with vpn login via networkmanager-openconnect)

It's part of the GNOME STF project, so maybe, but it depends on prioritization. Next step is to solve https://github.com/flatpak/xdg-desktop-portal/issues/989. I won't accept new static permissions into Epiphany and other app developers shouldn't either, and adding functionality into WebKit that doesn't work under flatpak is not OK, so a portal is surely the next step.

The linux-credentials project's credentialsd API is not ready yet, but is very likely what we will need to use: https://github.com/linux-credentials/credentialsd/blob/main/doc/api.md That's designed to be a portal, so we only need one implementation, not separate implementations for host system vs. Flatpak.

And the developers are actively soliciting feedback: https://github.com/flatpak/xdg-desktop-portal/issues/989#issuecomment-3191398122 So the opportunity to influence how the API works is now.

Hello, I'm one of the developers of credentialsd. Yes, we are looking for feedback, and I would love to have WebAuthn support in WebkitGTK for the reasons mentioned above; it's long been a pet peeve of mine too. Is there anything I should keep in mind for the browser implementation? We have an implementation in Firefox, but I haven't looked at Blink or WebKit yet, so not familiar with any differences there. (I'm also happy to continue discussion somewhere on GitHub if that's more appropriate.)

Since nobody is working on this, I doubt anybody is going to provide you with feedback. Sorry.