Yubico / Webauthn & Resident Key

Question

I've a Yubikey 5, and I am working on OSX & Chrome 72.

According to the documentation, I should have up to 25 resident Keys : https://support.yubico.com/support/solutions/articles/15000014219-yubikey-5-series-technical-manual#FIDO29g3ue8

Technically, if I am right, a Resident Key is needed to be able to "authenticate" without username. When trying authenticate with webauthn, the Browser should "ask" the user to select an "identity" based on the domain/resident key stored.

I try webauthn with resident key on some demo site. But It seems that either Chrome, or either the Key is not "supporting" Resident Key.

I am quite sure that a "username less" registration / login was present on the Yubico site previously. But I am not able to find it. I think the demo site has been updated .. and the feature is not present anymore.

Do you know how to test the webauthn resident key ?

FWIW, https://webauthntest.azurewebsites.net/ is a test page for the various options. — EricLaw, Feb 04 '19 at 22:16

score 4 · Answer 1 · answered Feb 27 '19 at 11:50

4

Chrome briefly had (v68 or v69 I believe), then withdrew support (v71) for resident key credentials.

answered Feb 27 '19 at 11:50

Shane Weeden

51
5

On OSX, you can test it with the Safari Technology Preview browser, with the WebAuthn experimental feature enabled. – Shane Weeden Feb 27 '19 at 11:50

score 2 · Answer 2 · answered Aug 30 '19 at 20:58

2

Now latest versions of Chrome and MS Edge support Resident Credentials.

answered Aug 30 '19 at 20:58

DeenOub

365
1
4
13

As far as I observed but **only on having a FIDO2 PIN set**. I was unable to create a residental credential without a PIN set. After setting a FIDO2 PIN you cannot remove it without loosing all your U2F/FIDO2 authentifications. – bentolor Jul 05 '20 at 11:57

Yubico / Webauthn & Resident Key

2 Answers2