WebAuthn re-authentication failure in iOS 15.5

We are seeing a difference in WebAuthn behavior between Safari desktop and mobile in iOS 15.5. If a user logs out of our site but keeps the session alive by having Safari remain open, upon logging in they are unable to re-authenticate using WebAuthn in iOS 15.5.

The error we're seeing is: "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."

Observations:

  • This works in Safari desktop.
  • It worked in Safari iOS prior to iOS 15.5.
  • Reloading the page in iOS 15.5 allows it to work normally.

Something about the JavaScript environment seems to prevent WebAuthn re-authentication without reloading the page.

Why is the behavior different between desktop, iOS 15.5, and previous versions of iOS? Any insight or suggested work-around would be appreciated. What are we missing?

Please try again in the latest iOS 16 beta (currently Beta 3). If this is still an issue there, please file it through Feedback Assistant with a screen recording and sysdiagnose, and share your feedback number here, so we can take a look!

I installed iOS 16 beta 3 and was able to verify the problem has been fixed. However, we still need a work-around for iOS 15.5. We replaced element re-rendering with a full page refresh, window.location.reload(). Unfortunately, the problem still persists on iOS 15.5 until you do a manual refresh. Any ideas?

I have submitted feedback (FB10705684) with a sysdiagnose and two videos. One showing the unexpected behavior in iOS 15.5 and the other showing the expected behavior in iOS 16 beta 3.

Additional Observations:

  • It works in iOS 16 beta 3.
  • The problem is still present in iOS 15.6 beta.

We would really like a work-around or some assurance this will be fixed in a future version of iOS 15 since customers are likely to be on this version for some time.

Same issue on iOS 15.6 until a user does a manual refresh. I also tried with a JS refresh (different ways...) but without success.

Other test with common famous internet framework:
