Improve the support for PIN-less FIDO2 devices

- We now check if in the handling of two factor option, the option to be used is a SecurityKey. If so, check if a FIDO2 device is attached and if it needs a PIN. - When a PIN is not required, we can just move straight onto assertation, the code for which will present the touch key UI. - Otherwise we fallback to the original flow.
2026-03-25 08:55:46 +00:00 · 2024-11-12 09:20:38 +00:00 · 2024-11-12 09:20:38 +00:00 · 259ad0789a
commit 259ad0789a
parent cc03660576
1 changed files with 11 additions and 5 deletions
--- a/Xcodes/Backend/AppState.swift
+++ b/Xcodes/Backend/AppState.swift
@ -305,11 +305,17 @@ class AppState: ObservableObject {
    }
    
    func handleTwoFactorOption(_ option: TwoFactorOption, authOptions: AuthOptionsResponse, serviceKey: String, sessionID: String, scnt: String) {
-        self.presentedSheet = .twoFactor(.init(
-            option: option,
-            authOptions: authOptions,
-            sessionData: AppleSessionData(serviceKey: serviceKey, sessionID: sessionID, scnt: scnt)
-        ))
+        let sessionData = AppleSessionData(serviceKey: serviceKey, sessionID: sessionID, scnt: scnt)
+
+        if option == .securityKey, fido2DeviceIsPresent() && !fido2DeviceNeedsPin() {
+            createAndSubmitSecurityKeyAssertationWithPinCode(nil, sessionData: sessionData, authOptions: authOptions)
+        } else {
+            self.presentedSheet = .twoFactor(.init(
+                option: option,
+                authOptions: authOptions,
+                sessionData: sessionData
+            ))
+        }
    }

    func requestSMS(to trustedPhoneNumber: AuthOptionsResponse.TrustedPhoneNumber, authOptions: AuthOptionsResponse, sessionData: AppleSessionData) {