commit | ccb151f399ed5decac6538102cbcc3b6c3367569 | [log] [tgz] |
---|---|---|
author | Martin Kreichgauer <martinkr@google.com> | Tue Aug 21 20:55:37 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Tue Aug 21 20:55:37 2018 |
tree | 9b4744b5f7d6fd8ca1a5456073df00ceefc6edd1 | |
parent | e06da142bd6f0c6857318a598423914ff029b55e [diff] |
device/fido/mac: allow password fallback for Touch ID This relaxes the access control restriction for keychain items created by the Touch ID authenticator to require biometric authentication *or* password entry. The effect is that the native Touch ID dialog will show a "use password" button next to the cancel button. Not that despite the name of the kSecAccessControlUserPresence attribute, the TouchIdAuthenticator is still user-*verifying* (passcode entry is a valid user verification method in the WebAuthN spec). Related Apple Developer documentation can be found here: https://developer.apple.com/documentation/security/secaccesscontrolcreateflags/ksecaccesscontroluserpresence?language=objc This change is somewhat backwards-incompatible: If a user tries to authenticate using a credential created *before* this change *and* actually chooses the "Use Password" fallback, they will afterwards be prompted with a second Touch ID dialog that does not have the password fallback button. This is acceptable since the feature hasn't launched yet. Bug: 678128 Change-Id: If4e3461ccd378bac286dbba68c3011fee2eb0fa3 Reviewed-on: https://chromium-review.googlesource.com/1183636 Commit-Queue: Martin Kreichgauer <martinkr@google.com> Reviewed-by: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#584896}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .