Details
-
Bug
-
Resolution: Invalid
-
P2: Important
-
None
-
6.7.3
-
Windows
Description
Our simple browser example added support for FIDO2 by Qt 6.7. And it implements handling of various requests based on states. To be exact:
void WebView::onStateChanged(QWebEngineWebAuthUxRequest::WebAuthUxState state)
{
if (QWebEngineWebAuthUxRequest::WebAuthUxState::Completed == state
|| QWebEngineWebAuthUxRequest::WebAuthUxState::Cancelled == state) {
if (m_authDialog) {
delete m_authDialog;
m_authDialog = nullptr;
}
} else {
m_authDialog->updateDisplay();
}
}
and
void WebAuthDialog::updateDisplay()
{
switch (uxRequest->state()) {
case QWebEngineWebAuthUxRequest::WebAuthUxState::SelectAccount:
setupSelectAccountUI();
break;
case QWebEngineWebAuthUxRequest::WebAuthUxState::CollectPin:
setupCollectPinUI();
break;
case QWebEngineWebAuthUxRequest::WebAuthUxState::FinishTokenCollection:
setupFinishCollectTokenUI();
break;
case QWebEngineWebAuthUxRequest::WebAuthUxState::RequestFailed:
setupErrorUI();
break;
default:
break;
}
adjustSize();
}
But not all states are intercepted. And therefore, Qt is not in full control of authentication process. It seems like only
WebAuthUxState::RequestFailed in the updateDisplay function
WebAuthUxState::Cancelled in the onStateChanged function
are handled by Qt. All the other functionalities are up to Windows. For eaxmple, using simple browser example to access https://webauthn.io/ and trying to register something should prompt you to a native Windows Secuity dialog. Nevertheless, I see that we have implemented .ui for this.