Open KramNamez opened 10 months ago
Trying to debug this with a local instance, I can at least see that if I call navigator.credentials.get() myself, I get a DOMException that it either timed out or was not allowed.
Unfortunately, I do not see a reason for why it isn't allowed. I've tried with several different authenticators and oddly, I can successfully use them on webauthn.me and similar demo sites (at least as long as a PIN isn't required).
Fun detail: If I use a fresh authenticator that doesn't have a PIN configured, I can use it for 2FA.
Is there no interest in making this work, at all?
Search before asking
Operating System
Operating System Version
Pop!_OS 22.04 LTS
It happens on the web browser too?
No, it just happens on the Desktop app
Rocket.Chat Desktop App Version
3.9.6
Rocket.Chat Server Version
6.1.2
Describe the bug
When logging in through OIDC (provided by Keycloak, in this case), I am unable to use FIDO authenticators both for passwordless login and 2FA.
In both cases, I can see the tokens light up as if a challenge is started, but there is no indication on screen. It also fails to ask me for the PIN, so when I touch the authenticator, passwordless login immediately fails. 2FA simply times out, as if it never receives a response from the authenticator.
How to Reproduce
Configure an SSO Provider. Configure a FIDO authenticator for passwordless login or 2FA.
Try to connect to the Rocket.Chat server. Get redirected to your SSO provider to log in.
Fail, as the authenticators can't properly interact with the page.
Describe your Expected behavior
When I get redirected to my IdP, I get prompted for the PIN of my authenticator and login succeeds.
Anything else
This works fine in the browser. Electron has support for this.
Are you willing to submit a code contribution?
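A diagnostic sketch for narrowing down the behaviour reported above, added here as an example and not taken from the issue, Rocket.Chat, Electron or Keycloak: it calls `get()` once with `userVerification` set to `discouraged` and once with `required`, and uses elapsed time to separate a real timeout from an early rejection, since both surface as the same DOMException. The function names, the 0.9 timeout threshold and the locally generated challenge are assumptions; no server verifies the resulting assertion.

```javascript
// Added diagnostic sketch; hypothetical helper names, not project code.
// Intended to run inside the page that performs the WebAuthn ceremony,
// passing navigator.credentials as `container`.

// authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) ...
function uvFlagSet(authenticatorData) {
  return (new Uint8Array(authenticatorData)[32] & 0x04) !== 0; // bit 2 = User Verified
}

// One get() call per userVerification level; records how each attempt ended.
async function probeUserVerification(container, rpId, opts = {}) {
  const {
    timeoutMs = 30000,
    allowCredentials = [], // fill in credential IDs for non-discoverable (2FA) keys
    challenge = globalThis.crypto.getRandomValues(new Uint8Array(32)), // local only
  } = opts;
  const results = {};
  for (const uv of ["discouraged", "required"]) {
    const started = Date.now();
    try {
      const cred = await container.get({
        publicKey: { challenge, rpId, allowCredentials, timeout: timeoutMs, userVerification: uv },
      });
      results[uv] = { outcome: "ok", uvPerformed: uvFlagSet(cred.response.authenticatorData) };
    } catch (err) {
      const elapsedMs = Date.now() - started;
      // Both cases share one error name, so elapsed time is the only discriminator.
      const outcome = elapsedMs >= timeoutMs * 0.9 ? "timed-out" : "rejected-early";
      results[uv] = { outcome, errorName: err.name, elapsedMs };
    }
  }
  return results;
}

// Turns the two outcomes into a one-line finding for a bug report.
function interpret(results) {
  const d = results.discouraged.outcome;
  const r = results.required.outcome;
  if (d === "ok" && r === "ok") return "ceremony works with and without user verification";
  if (d === "ok") return `user-verification (PIN) step fails: ${r}`;
  return `ceremony fails even without user verification: ${d}`;
}
```

Running the same probe in the browser and in the desktop app against the same relying party gives two result objects that can be compared directly.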