REOPENED264097
[WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 day grace period 
https://bugs.webkit.org/show_bug.cgi?id=264097
Summary [WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 d...
stephen
Reported 2023-11-02 10:10:12 PDT
If a passkey is deleted (and within the 30 day undelete grace period) by the user in the Safari password manager and the user attempts to re-enroll the platform navigator using webauthn, we get: InvalidStateError: At least one credential matches an entry of the excludeCredentials list in the platform attached authenticator. This seems pretty confusing because the user has deleted the passkey and it's not usable to authenticate anymore, so it shouldn't be matched against the excludedCredentials list. The user can workaround this by going into "Recently deleted" in the password manager and permanently deleting the offending credential.
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2023-11-09 09:11:13 PST
<rdar://problem/118182303>
pascoe@apple.com
Comment 2 2024-03-05 12:56:00 PST
Pull request: https://github.com/WebKit/WebKit/pull/25499
EWS
Comment 3 2024-03-05 14:59:47 PST
Committed 275711@main (c0e1cd6ea54e): <https://commits.webkit.org/275711@main> Reviewed commits have been landed. Closing PR #25499 and removing active labels.
EWS
Comment 4 2024-05-09 18:21:31 PDT
Committed 272448.1008@safari-7618-branch (b5489fabf4aa): <https://commits.webkit.org/272448.1008@safari-7618-branch> Reviewed commits have been landed. Closing PR #1276 and removing active labels.
EWS
Comment 5 2024-05-10 12:55:04 PDT
Committed 272448.1011@safari-7618-branch (d868e430dea8): <https://commits.webkit.org/272448.1011@safari-7618-branch> Reviewed commits have been landed. Closing PR #1279 and removing active labels.
Robert Jenner
Comment 6 2024-05-28 14:41:52 PDT
Reopened Bugzilla. [WebAuthn] Navigator matches excludedCredentials for deleted passkeys in 30 day grace period, tracking revert in https://bugs.webkit.org/show_bug.cgi?id=264097.
Note You need to log in before you can comment on or make changes to this bug.