We are seeing a difference in WebAuthn behavior between Safari desktop and mobile in iOS 15.5. If a user logs out of our site but keeps the session alive by having Safari remain open, upon logging in they are unable to re-authenticate using WebAuthn in iOS 15.5
The error we're seeing is: "User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' or 'navigator.credentials.get' within user activated events."
Observations:
- This works in Safari desktop.
- It worked in Safari iOS prior to iOS 15.5
- Reloading the page in iOS 15.5 allows it to work normally.
Something about the JavaScript environment seems to prevent WebAuthn re-authentication without reloading the page.
Why is the behavior different between desktop, iOS 15.5, and previous versions of iOS? Any insight or suggested work-around would be appreciated. What are we missing?
-
—
Frameworks Engineer
-
—
peter_at_trusona
Add a CommentPlease try again in the latest iOS 16 beta (currently Beta 3). If this is still an issue there, please file it through Feedback Assistant with a screen recording and sysdiagnose, and share you feedback number here, so we can take a look!
I have submitted feedback (FB10705684) with a sysdiagnose and two videos. One showing the unexpected behavior in iOS 15.5 and the other showing the expected behavior in iOS 16 beta 3.
Additional Observations: It works in iOS 16 beta 3 The problem is still present in iOS 15.6 beta.
We would really like a work-around or some assurance this will be fixed in a future version of iOS 15 since customers are likely to be on this version for some time.