We are seeing a difference in WebAuthn behavior between Safari desktop and mobile in iOS 15.5. If a user logs out of our site but keeps the session alive by having Safari remain open, upon logging in they are unable to re-authenticate using WebAuthn in iOS 15.5
The error we're seeing is: "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."
Observations:
- This works in Safari desktop.
- It worked in Safari iOS prior to iOS 15.5
- Reloading the page in iOS 15.5 allows it to work normally.
Something about the JavaScript environment seems to prevent WebAuthn re-authentication without reloading the page.
Why is the behavior different between desktop, iOS 15.5, and previous versions of iOS? Any insight or suggested work-around would be appreciated. What are we missing?
Please try again in the latest iOS 16 beta (currently Beta 3). If this is still an issue there, please file it through Feedback Assistant with a screen recording and sysdiagnose, and share you feedback number here, so we can take a look!
I have submitted feedback (FB10705684) with a sysdiagnose and two videos. One showing the unexpected behavior in iOS 15.5 and the other showing the expected behavior in iOS 16 beta 3.
Additional Observations: It works in iOS 16 beta 3 The problem is still present in iOS 15.6 beta.
We would really like a work-around or some assurance this will be fixed in a future version of iOS 15 since customers are likely to be on this version for some time.