FIDO UAF Client (Android) is not handling UAFIntentType.DISCOVER properly #21
Description
According to FIDO UAF Application API and Transport Binding Specification:
Android intent invokes the FIDO UAF Client to discover the available authenticators and capabilities. The FIDO UAF Client generally will not show a UI associated with the handling of this intent, but immediately return the JSON structure. The calling application cannot depend on this however, as the FIDO UAF Client MAY show a UI for privacy purposes, allowing the user to choose whether and which authenticators to disclose to the calling application.
This intent MUST be invoked with startActivityForResult().
Current ExampleFidoUafClient class is not handling UAFIntentType properly and there is nothing to catch UAFIntentType.DISCOVER. As consequence a 3rd party Android RP App is not able to discovery and use Marvin UAF Client.
It is my suggestion to be included in finishWithResult method:
Bundle extras = getIntent().getExtras();
if (extras != null) {
String data = (String) extras.get("UAFIntentType");
if (data != null) {
if (data.equals(UAFIntentType.DISCOVER)) {
extras = new Bundle();
extras.putString("UAFIntentType", UAFIntentType.DISCOVER_RESULT.name());
extras.putShort("errorCode", ErrorCode.NO_ERROR.getID());
extras.putString("discoveryData", DiscoveryData.getFakeDiscoveryData());
intent.putExtras(extras);
setResult(Activity.RESULT_OK, intent);
finish();
}
if (data.equals(UAFIntentType.UAF_OPERATION.name())) {
String message = (String) extras.get("message");
String channelBindings = (String) extras.get("channelBindings");
String inMsg = extract(message);
String response = "";
}
}
}
But it will implicate in a lot of modifications in onActivityResult method in MainActivity class.