Closed a-stankevich closed 6 months ago
It seems like there's a bug in Firefox, or possibly the 1Password extension for it, because errors occur on the JavaScript side when reading the PublicKeyCredential. The issue did not reproduce in Chrome with the 1Password extension, or in "raw" Firefox.
The 1Password extension in Firefox substitutes existing browser APIs with its own functions and returns objects that correspond to those in the native browser API.
The problem occurs because the call to the method response.getAuthenticatorData() for the PublicKeyCredential
object (which is returned in case of successful resolution of navigator.credentials.create
or navigator.credentials.get
promises), returns a Restricted
object (you can get more details in the browser's own debugger). Because of this, the method of user registration completion is not called, hence the absence of an alert about successful registration (since it didn't complete at all).
The examples from passkeys.io
and fido2-net-lib.passwordless.dev
run smoothly because they simply don't call the methods of the PublicKeyCredential
object, as they were developed for earlier versions of the specification.
The most we can do for such a situation is to adjust the demo example so that a corresponding alert appears when an exception occurs. In the case of widespread use of the Firefox + 1Password combination in production, there's a workaround which consists of ignoring the invocation of getAuthenticatorData()
in your JavaScript code.
Do I understand correctly that it's a bug in 1Password passkey implementation?
In 1Password Firefox extension
On Firefox 122 with 1Password extension.
Steps to reproduce
{"":["The authentication ceremony completed with an error"]}
This works fine on passkeys.io and fido2-net-lib.passwordless.dev