Details
-
Bug
-
Resolution: Invalid
-
P2: Important
-
None
-
6.7.3
Description
Our simple browser example added support for FIDO2 by Qt 6.7. And it implements handling of various requests based on states. To be exact:
void WebView::onStateChanged(QWebEngineWebAuthUxRequest::WebAuthUxState state) { if (QWebEngineWebAuthUxRequest::WebAuthUxState::Completed == state || QWebEngineWebAuthUxRequest::WebAuthUxState::Cancelled == state) { if (m_authDialog) { delete m_authDialog; m_authDialog = nullptr; } } else { m_authDialog->updateDisplay(); } }
and
void WebAuthDialog::updateDisplay() { switch (uxRequest->state()) { case QWebEngineWebAuthUxRequest::WebAuthUxState::SelectAccount: setupSelectAccountUI(); break; case QWebEngineWebAuthUxRequest::WebAuthUxState::CollectPin: setupCollectPinUI(); break; case QWebEngineWebAuthUxRequest::WebAuthUxState::FinishTokenCollection: setupFinishCollectTokenUI(); break; case QWebEngineWebAuthUxRequest::WebAuthUxState::RequestFailed: setupErrorUI(); break; default: break; } adjustSize(); }
But not all states are intercepted. And therefore, Qt is not in full control of authentication process. It seems like only
WebAuthUxState::RequestFailed in the updateDisplay function
WebAuthUxState::Cancelled in the onStateChanged function
are handled by Qt. All the other functionalities are up to Windows. For eaxmple, using simple browser example to access https://webauthn.io/ and trying to register something should prompt you to a native Windows Secuity dialog. Nevertheless, I see that we have implemented .ui for this.