Scenario
- Use Safari browser on macOS and trigger WebAuthn authentication
- Select QR code authentication flows
- Use Android phone's passkey (with play service beta) and scan the QR code
- Perform UV on Android device
- Check the authentication response coming from the Safari on macOS
Issue
The authenticatorAttachment in the response is "platform".
Expected behavior
The authenticatorAttachment should be "cross-platform". According to the spec (https://w3c.github.io/webauthn/#dom-publickeycredential-authenticatorattachment), the value should be "cross-platform" since the attachment modality at the time of authentication is "cross-platform" rather than "platform". Without "cross-platform", the RP cannot decide and guide the user to register the "platform" authenticator on the macOS.
I just checked this issue with Safari (16.2) on macOS (13.1). Also, you can refer to the related issue on the fido-dev group: https://groups.google.com/a/fidoalliance.org/g/fido-dev/c/XvDWBH6PhQ0
Hi
Is this acknowledged as a bug? If so, how can I follow its development? If not, is there another way to identify that a "cross device flow" was performed?
Thanks!
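The RP-side decision described in the report above, as an added example that is not part of the original thread: it reads `authenticatorAttachment` from the assertion and decides whether to offer registering a platform passkey on the current device. The helper names `decideEnrollmentPrompt` and `afterSignIn` and the sample objects are assumptions made for illustration.

```javascript
// Added example: RP client-side handling of authenticatorAttachment after
// navigator.credentials.get(). Helper names are hypothetical.

const KNOWN_ATTACHMENTS = new Set(["platform", "cross-platform"]);

// Pure decision function so it can be exercised outside a browser.
function decideEnrollmentPrompt(credential, platformAuthenticatorAvailable) {
  // Older clients omit the attribute; values outside the enum are handled as unknown.
  const raw = credential.authenticatorAttachment;
  const attachment = KNOWN_ATTACHMENTS.has(raw) ? raw : null;

  if (attachment === "cross-platform") {
    return platformAuthenticatorAvailable
      ? { prompt: true, reason: "signed in with another device; a local passkey can be offered" }
      : { prompt: false, reason: "no user-verifying platform authenticator on this device" };
  }
  if (attachment === "platform") {
    return { prompt: false, reason: "client reports a platform authenticator was used" };
  }
  return { prompt: false, reason: "attachment unknown; cannot tell which flow was used" };
}

// Browser wrapper: asks the client whether a platform authenticator exists.
async function afterSignIn(credential) {
  const available =
    typeof PublicKeyCredential !== "undefined" &&
    (await PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable());
  return decideEnrollmentPrompt(credential, available);
}

// Constructed sample responses (not captured from a real client).
const SAMPLES = {
  expectedHybrid: { id: "constructed-id", authenticatorAttachment: "cross-platform" },
  reportedBySafari: { id: "constructed-id", authenticatorAttachment: "platform" },
  legacyClient: { id: "constructed-id" },
};

for (const [name, cred] of Object.entries(SAMPLES)) {
  console.log(name, decideEnrollmentPrompt(cred, true));
}
```

With the value reported in this thread (`reportedBySafari`), the function returns `prompt: false`, so the user who signed in through the QR code flow is never offered a passkey on the Mac.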