WebAuthn/FIDO security key popup not showing during Google OAuth #111
Description
Description
When Google authentication requests a hardware security key (like YubiKey), no native dialog appears prompting the user to tap their key. The authentication flow appears to hang with no visual feedback.
Root Cause Analysis
WebKitGTK WebAuthn Support:
- WebKitGTK 2.50.x supports WebAuthn as part of the WebKit engine
- However, WebKitGTK does not expose a native permission request API for security keys like it does for geolocation, camera, microphone, etc.
- Looking at
PermissionRequestimplementations in WebKitGTK 6.0, there is noSecurityKeyPermissionRequestorWebAuthnPermissionRequestclass
Current State:
- The project connects to many WebKit signals but does not handle the
permission-requestsignal - No WebAuthn/FIDO security key handling exists
Potential Solutions
-
Connect to
permission-requestsignal - May capture some permission requests, though WebAuthn prompts may not come through this signal on WebKitGTK -
Platform authenticator integration - On Linux, security key interactions typically require:
- Integration with
libfido2 - D-Bus integration with
org.freedesktop.portal.WebAuthn(Flatpak portal) - Or a platform authenticator service
- Integration with
-
WebKitGTK experimental features - WebAuthn UI might be behind a feature flag in
WebKitSettings -
Research GNOME Web (Epiphany) - See how they handle this scenario
References
- WebKitGTK PermissionRequest interface: https://webkitgtk.org/reference/webkitgtk/stable/iface.PermissionRequest.html
- WebKitGTK permission-request signal: https://webkitgtk.org/reference/webkitgtk/stable/signal.WebView.permission-request.html
- WebAuthn browser support: https://caniuse.com/webauthn
Affected Files
internal/infrastructure/webkit/webview.go- Signal connectionsvendor/github.com/bnema/puregotk-webkit/webkit/- WebKit bindings
Complexity
High - Requires understanding of WebKitGTK internals and potentially platform-specific authenticator integration.