Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15051

The WebAuthn recovery code button is not clickable


    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: webauthn
    • Labels:
    • Target Version/s:


      When the browser's built-in WebAuthn feature is triggered by the WebAuthn client script, the user is immediately propmpted by the browser to interact with their selected authentication device (Touch ID / hardware key / etc.). This prompt shows up as an alert dialog box, which makes the rest of the page unclickable. (In addition, TouchID throws up  an OS alert dialog as well)

      When the user cancels this dialog, the script auto-submits the page and one of the error outcomes is triggered in the node., so the user never has a chance to click "use recovery code".

      The current workaround is to catch this outcome and add a choice selector node that allows the user to choose if they want to use a recovery code.

      Proposed solution: when the user cancels the browser dialog, the script should not auto-submit, but show an error message and allow the user to click the recovery code button. (It could also show a "try again" and a "cancel/skip" button as well.)




            • Assignee:
              david.luna@forgerock.com David Luna
              zoltan.tarcsay Zoltan Tarcsay
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: