LG-8071: Add logging for WebAuthn frontend error reasons #7609

Merged: aduth merged 3 commits into main from aduth-8071-webauthn-logging on Jan 12, 2023

@aduth commented Jan 10, 2023

🎫 Ticket

LG-8071

🛠 Summary of changes

Enhances WebAuthn verification to ensure that errors occurring in the front-end are logged as part of the back-end verification.

Previously, the frontend error message was being passed as part of the form submission, but was only used as part of a condition considering whether to validate the assertion response. With these changes, the error is now included in the logged error details.

This changes the specific string being logged from using the full error message to the error name, which avoids differences in error messages between browsers.

For example, a cancelled authentication...

  • ...in Chrome:
    • error.name: NotAllowedError
    • error.message: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
  • ...in Safari:
    • error.name: NotAllowedError
    • error.message: This request has been cancelled by the user.

Draft while I work to enhance test coverage

📜 Testing Plan

  1. Configure an account with Security Key or Face/Touch Unlock
  2. Tail logs (tail -F log/events.log | jq .)
  3. Sign in, but cancel when prompted for Security Key or Face/Touch Unlock
  4. Observe event "Multi-Factor Authentication" with errors including webauthn_error: ['NotAllowedError']
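
Added example, not code from this pull request: a sketch of logging the error name instead of the message, with the submitted reason checked against an allowlist before it reaches the log, since a form field is client-controlled. The names `KNOWN_WEBAUTHN_ERRORS`, `errorReason` and `loggedErrors` and the allowlist contents are assumptions, and the server-side step is modeled in JavaScript so the block runs on its own.

```javascript
// Added example: names below (KNOWN_WEBAUTHN_ERRORS, errorReason, loggedErrors)
// are hypothetical and not taken from the pull request.

// Constructed allowlist of error names a WebAuthn call can reject with.
const KNOWN_WEBAUTHN_ERRORS = new Set([
  'AbortError',
  'ConstraintError',
  'InvalidStateError',
  'NotAllowedError',
  'NotSupportedError',
  'SecurityError',
  'UnknownError',
]);

// Front end: reduce a rejected navigator.credentials.get() to a stable reason.
// error.message is ignored because its wording differs between browsers.
function errorReason(error) {
  const name = error && typeof error.name === 'string' ? error.name : '';
  return KNOWN_WEBAUTHN_ERRORS.has(name) ? name : 'UnrecognizedError';
}

// Back end: the reason arrives in a form field, so it is client-controlled.
// Only allowlisted names reach the log; anything else is collapsed.
function loggedErrors(submittedReason) {
  if (typeof submittedReason !== 'string' || submittedReason === '') return {};
  const reason = KNOWN_WEBAUTHN_ERRORS.has(submittedReason)
    ? submittedReason
    : 'UnrecognizedError';
  return { webauthn_error: [reason] };
}

// Constructed samples using the two messages quoted in the description.
const makeError = (name, message) => Object.assign(new Error(message), { name });
const chromeCancel = makeError(
  'NotAllowedError',
  'The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.',
);
const safariCancel = makeError(
  'NotAllowedError',
  'This request has been cancelled by the user.',
);

for (const error of [chromeCancel, safariCancel]) {
  console.log(JSON.stringify(loggedErrors(errorReason(error))));
}
// A tampered form value with an embedded newline never reaches the log verbatim.
console.log(JSON.stringify(loggedErrors('NotAllowedError\n{"event":"forged"}')));
```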

@zachmargolis left a comment

LGTM

changelog: Internal, Analytics, Track error reasons for failed WebAuthn authentication
@aduth force-pushed the aduth-8071-webauthn-logging branch from 7a0b5c5 to 1d4a1cb, January 11, 2023 13:51
@aduth marked this pull request as ready for review, January 11, 2023 14:32
@aduth requested a review from a team, January 11, 2023 18:23
@aduth merged commit b493e5f into main, Jan 12, 2023
@aduth deleted the aduth-8071-webauthn-logging branch, January 12, 2023 13:14