Could Joy ID support the internal WebAuthn virtual authenticators in Chrome?

English CKB Development & Technical Discussion
1

My operating system is not in the support list of Joy ID.
I have to buy a security key, if I want to use Joy ID with my laptop.

Also, for development and debugging, using a computer will be easier.

So, could Joy ID support the internal WebAuthn virtual authenticators in Chrome?

I tried last Sunday, but failed.

In the “Section Introduction” of the guide of Joy ID, it said Joy ID is based on FIDO Webauthn protocol.
I can play that FIDO Webauthn protocol with the internal WebAuthn virtual authenticators in Chrome.

2

Actually, some 3rd party password manager like 1Password also provides virtual authenticator emulation. However, we ban them from using JoyID. Because they don’t support WebAuthn standard appropriately. You can refer to this link to check what’s the problem with 1Password and Passkey: How to change default Passkey provider back to system? — 1Password Community

3

I think your example is inappropriate.

Your example is a 3rd-party product who want to mock as a WebAuthn provider.

The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others.[1]

But WebAuthn dev tool in chrome is a tool that provider by Google, who is a participial of that specification.

Joy ID works well in Chrome, but Chrome couldn’t support WebAuthn standard appropriately: it doesn’t make sense.

p.s. Microsoft, another participial of that specification, also has articles to introduce their WebAuthn dev tool in Edge, they also encourage using their dev tool to develop and debug WebAuthn products.[2]

  1. Guide to Web Authentication ↩︎

  2. Emulate authenticators and debug WebAuthn - Microsoft Edge Development | Microsoft Learn ↩︎

4

JoyID supports Chrome mock WebAuthn api. We don’t support 3rd-party Passkey manager such as 1Password.

5

Descriptions

With latest chromium (or chrome, I had tested both, but I prefer to chromium), on latest Debian (12.4, Bookworm; I think Debian is not a rare OS):

image
image703×899 48.8 KB

Microsoft Edge official documents has written: “…, while values of 14.0.0 or later represent releases of Windows 11.”

But, when I faked the user-agent to:

Mozilla/5.0 (Windows NT 14.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36

or

Mozilla/5.0 (Windows NT 15.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36

; also, I updated User-Agent Client Hints as the official Microsoft documents:

Sec-CH-UA-Platform: Windows
Sec-CH-UA-Platform-Version: 14.0.0 # I tried 15.0.0, too.
Sec-CH-UA: "Not_A Brand";v="8", "Chromium";v="121", "Microsoft Edge";v="121"

I got:

image
image703×899 50.9 KB

image
image1306×440 29.3 KB

:warning: Even JoyID doesn’t support the user-agent I used, it shouldn’t tell me I used Windows 7/8/8.1; it seems be a bug.

Summary

  • Linux is not supported.
  • The conditional judgment statement of user-agent is incorrect.

Could JoyID supports Linux+Chrome (Chromium) or just give me a User-Agent which JoyID supports, macOS+Chrome or Windows+Chrome (for Windows+Chrome, please give me User-Agent Client Hints too)?

6

image
image2309×908 246 KB

image
image3775×1343 338 KB

7

I myself use Ubuntu 23.10 with Chrome 121.0.6167.160, it works fine with Chrome emulated Webauthn API.

  • UA for Windows 7/8/10 is not supported, because JoyID uses P256 signatures which only supported on Win11 22H2+
  • Linux works fine, can you take a screenshot for your webauthn setup?

image
image3321×1811 451 KB

8

As I posted in above, in my laptop, it’s never reach the step as your screenshot.

image
image705×898 53.9 KB

I tried Chromium, Chrome and Brave on Debian.
I think it’s not the problem about WebAuthn APIs.

I guess JoyID requires Linux 6.A+:

  • Ubuntu 23.10 is Linux 6.5 (I googled).
  • Debian 12.5 is Linux 6.1 (I had, I upgraded to latest stable).

So, A is a number between 2 and 5.

Then, I have two more questions:

  • Maybe JoyID should correct the tip of the least requirement, like Windows 11 22H2, so that other Linux users could figure out the reason easier.

    Please see my screenshot above, JoyID told me:

    This operation systemis currently not supported. Please use another device.

    In fact, it should be:

    Please upgrade to Linux 6.A or a later version, or use another device.

  • Is really Linux 6.5 required? Maybe Linux 6.1 is enough, too. Maybe it’s just an over-examination.
    The reason: all other websites which require WebAuthn APIs work well.

p.s. A typo: systemis should be system is (see my screenshot above).

9

Today,I installed Ubuntu 23.10 in my physical machine (not in a virtual machine).
Then I upgraded the OS to the latest version.

But JoyID still didn’t work.

image
image3015×1914 413 KB

I checked the source code from chrome debugger (since I didn’t find the open source code of JoyID), I think it won’t work in Linux:

image
image3354×1341 334 KB

10

image
image1556×1017 119 KB

Please you enable the virtual authenticator feature first then refresh.

The detection code here only works after the checking webauthn api not available.

Could you also try these services with virtual webauthn enabled:

11

It works!

My incorrect steps are:

  1. Open JoyID page.
  2. Press F12 to open the development tools.
  3. Enable virtual authenticator environment.

The correct steps should be:

  • Step 2 at first.
  • Then step 3.
  • At last, step 1.

The key point is: Enable virtual authenticator environment BEFORE loading the JoyID page.

But, I still have to say, the tip message for exception is really terrible!
It shouldn’t tell me that my OS isn’t supported again and again.

1 Like