bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0

FIDO2 WebAuthn 2FA flow on Android is loading 2 requests at the same time, and that is causing the authentication to fail. #3314

Closed SergeantConfused closed 3 months ago

SergeantConfused commented 3 months ago

Steps To Reproduce

  1. Launch Bitwarden and enter your email address and master password.
  2. Tap on (Authenticate WebAuthn).
  3. Tap on (Use a different device).
  4. Tap on (NFC security key).
  5. Place the FIDO2 WebAuthn Security Key on the phone.

Expected Result

To log into your individual Bitwarden account.

Actual Result

You are returned to the FIDO2 WebAuthn stage and you have a (Try Again) button, but pressing on that and performing the process again does not assist.

Screenshots or Videos

N/A.

Additional Context

If you tap on the (Back) button within the operating system at the point where you're returned to the FIDO2 WebAuthn stage with the (Try again) button, you'll see that the same stage is shown again; it seems like the Android client is loading that stage twice. In order to log in, you'd need to enter your email address and master password, then dismiss the browser window that's launched for the FIDO2 WebAuthn flow, tap on (Back), then on (Try again), and then authenticate via FIDO2 WebAuthn.

Operating System

Android

Operating System Version

12

Device

Samsung Note10+

Build Version

2024.5.1

Beta

vvolkgang commented 3 months ago

Issue migrated to https://github.com/bitwarden/mobile/issues/3314