Known Issues

This section covers known issues (as of January 2, 2020) when using 13.3+ Safari browser, SFSafariViewController, orASWebAuthenticationSession.

1. User Verification (PIN Support)

It does not matter whether a FIDO2 PIN is set, required, or preferred: in all those cases, the Safari browser dialog does not prompt for a PIN.

Note

If the service from which the user is authenticating is a U2F flow only, then PIN on FIDO2 is a non-issue and the user will successfully authenticate. Learn more in the User Presence vs User Verification section of our WebAuthn Developer Guide.

Required, Preferred, and Discouraged Parameters for User Verification

Feature Required Preferred Discouraged

User Verification (FIDO2 PIN)

Not working

Not working

Working

“Required”, “Preferred”, and “Discouraged” are optional parameters sent to the client browser by the WebAuthn RP during user registration.

2. Resident Credentials (Resident Key)

When the WebAuthn RP specifies the optional parameter RequireResidentKey=TRUE, the registration hangs and the user is never prompted to insert or tap the YubiKey. Learn more in the Resident Keys section of our WebAuthn Developer Guide.

Required (TRUE)/Required(FALSE) Parameters for Resident Credentials (ResidentKey)

Feature Required (TRUE) Required (FALSE)

Resident Credentials (ResidentKey)

Not working

Working

Required: TRUE|FALSE is an optional parameter sent by the WebAuthn RP to the client.

3. Attestation

If the WebAuthn RP requests any attestation parameter other than none, registration fails and the user is never prompted to insert or tap a YubiKey. Learn more in the Attestation section of our WebAuthn Developer Guide.

None, Indirect, and Direct Parameters for Attestation

Feature None Indirect Direct

Attestation

Working

Not working

Not working