![]() If Duo could split their logic in a similar way, it would be the most straightfoward way I can think of to fix this. Duo Mobile: Approve Duo Push verification requests on iOS or Android devices, or generate a one-time passcode from the Duo Mobile app. Permissible authentication methods: Duo Push, Duo Mobile Passcode, hardware tokens and Security Keys (U2F and WebAuthn). In that case, while u2f-api.js errors out, u2fdemo.js just expects to find a functioning "u2f" javascript interface to use, and Firefox is happy to provide it. U2f-api.js, which crashes like Duo's with the same error, and u2fdemo.js, which contains the actual functionality. Google's test site has this same issue when used with Firefox, but it's not a crash bug because their code is split into two scripts: ![]() I'm not sure what implementation peculiarity lets this work on Chrome, but it's odd. Does it hell What it should say is it supports WEB 2FA but implies it is supported across your whole platform. Despite it coming from Google, it's clearly bad behavior to attempt to overwrite a namespace object exposed by WebIDL. U2F Security Keys and Duo Our two-factor authentication platform supports U2F security keys, offering secure login approvals resistant to phishing attacks combined with the one-tap convenience you’re already used to with Duo Push. Unfortunately, Google's sample code for interacting with U2F included this exact line, so I'm guessing that's where Duo picked it up from. In compliance with section 3.2 of the specification, Firefox reveals the API in a namespace object named u2f, which is read-only. > TypeError: setting a property that has only a getterįirefox implements U2F version 1.1, particularly its "High-level JavaScript API", in compliance with the non-normative text in the "Background" section saying Relying Parties should implement only the High-level JavaScript API. ![]() In testing U2F support using Firefox Release with the "2f" and "2f_enable_softtoken" preferences enabled, Duo's script crashes on line 1, col 18:
0 Comments
Leave a Reply. |