Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-15051

The WebAuthn recovery code button is not clickable

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: webauthn
    • Labels:
    • Target Version/s:

      Description

      When the browser's built-in WebAuthn feature is triggered by the WebAuthn client script, the user is immediately propmpted by the browser to interact with their selected authentication device (Touch ID / hardware key / etc.). This prompt shows up as an alert dialog box, which makes the rest of the page unclickable. (In addition, TouchID throws up  an OS alert dialog as well)

      When the user cancels this dialog, the script auto-submits the page and one of the error outcomes is triggered in the node., so the user never has a chance to click "use recovery code".

      The current workaround is to catch this outcome and add a choice selector node that allows the user to choose if they want to use a recovery code.

      Proposed solution: when the user cancels the browser dialog, the script should not auto-submit, but show an error message and allow the user to click the recovery code button. (It could also show a "try again" and a "cancel/skip" button as well.)

        Attachments

          Activity

            People

            • Assignee:
              david.luna@forgerock.com David Luna
              Reporter:
              zoltan.tarcsay Zoltan Tarcsay
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: