duo-labs / webauthn.io

The source code for webauthn.io, a demonstration of WebAuthn.
https://webauthn.io
BSD 3-Clause "New" or "Revised" License

Can't register NFC key #109

Closed SpiderD555 closed 2 months ago

SpiderD555 commented 8 months ago

Hi, it seems I can't register a webauthn key using NFC on Android. The Android system says "All good, you can take the key away", yet I am getting an error. See the attached picture for details: Screenshot_20231106-091147. This shouldn't be an issue with the key itself, because it works on the webauthn.me site. I am using it on a Google Pixel 4a with Android 13.

MasterKale commented 8 months ago

Hello @SpiderD555, that's odd. Can you try again and grab from the browser console the response that's causing this error?

SpiderD555 commented 8 months ago

@MasterKale Here is the data from Firefox, basically the same string you see in the screenshot above:

{"error": "1 validation error for RegistrationCredential\nresponse -> transports -> 1\n  value is not a valid enumeration member; permitted: 'usb', 'nfc', 'ble', 'internal', 'cable', 'hybrid' (type=type_error.enum; enum_values=[<AuthenticatorTransport.USB: 'usb'>, <AuthenticatorTransport.NFC: 'nfc'>, <AuthenticatorTransport.BLE: 'ble'>, <AuthenticatorTransport.INTERNAL: 'internal'>, <AuthenticatorTransport.CABLE: 'cable'>, <AuthenticatorTransport.HYBRID: 'hybrid'>])"}

Let me know if this is what you need. I can also supply the "verification" request that the browser sends with the POST request, but I am not sure if the data I expose there should be visible to the public.

Interestingly, when I try with Chrome, I don't even get the option for hardware keys; the only option is to use passkeys (and it works, by the way, but I want to leverage a hardware key and not passkeys).

MasterKale commented 8 months ago

I can also supply the "verification" request that the browser supplies with POST request, but I am not sure if the data I expose there should be visible to the public.

This is what I was hoping for; I want to see what the front end sent when it got back the error you posted. No PII is present in the actual WebAuthn registration response, so it can be public.

I'd also like to know what browser and OS versions you're using here, as well as the security key make and model (in case I have one locally I can attempt to recreate with.)

SpiderD555 commented 8 months ago

Here is the verification:

{"username":"damian","response":{"id":"owBYkm0wXqr8Vh3qVBXHzQ2bDaQkPu9uvTNp7H5ZWkVNIy3fhBxaUG0ruwEQedZ7MXVEYB3iJ-t_dV2pCrbO3z3tXu-Lt7RaOxH83txxo2adWE6SQZyq7ArnJlXSvWFZ3_Q30L7j3ihdh1kYxULWoxNK_fAjN8KlmOIuAFZe3O5CwJa9tWrIwS8UFDuNwfLRp6cOuZhpAUxN7s621Z0-5mmnaKcCUKrSmCov5ABfNffSPP2IvYE","rawId":"owBYkm0wXqr8Vh3qVBXHzQ2bDaQkPu9uvTNp7H5ZWkVNIy3fhBxaUG0ruwEQedZ7MXVEYB3iJ-t_dV2pCrbO3z3tXu-Lt7RaOxH83txxo2adWE6SQZyq7ArnJlXSvWFZ3_Q30L7j3ihdh1kYxULWoxNK_fAjN8KlmOIuAFZe3O5CwJa9tWrIwS8UFDuNwfLRp6cOuZhpAUxN7s621Z0-5mmnaKcCUKrSmCov5ABfNffSPP2IvYE","response":{"attestationObject":"o2NmbXRkbm9uZWdhdHRTdG10oGhhdXRoRGF0YVkBOnSm6pITyZwvdLIkkrMgz0AmKpTBqVCgOX8pJQtghB7wQQAAAAAAAAAAAAAAAAAAAAAAAAAAALajAFiSbTBeqvxWHepUFcfNDZsNpCQ-7269M2nsfllaRU0jLd-EHFpQbSu7ARB51nsxdURgHeIn6391XakKts7fPe1e74u3tFo7Efze3HGjZp1YTpJBnKrsCucmVdK9YVnf9DfQvuPeKF2HWRjFQtajE0r98CM3wqWY4i4AVl7c7kLAlr21asjBLxQUO43B8tGnpw65mGkBTE3uzrbVnT7maadopwJQqtKYKi_kAF8199I8_Yi9gaUBAgMmIAEhWCDeJZFflxgZWtGzEaCmsV3iw21OGDwSC0pxQAk0AjlV_iJYIH6Ze-ecg9VXYoclDlolNjKTnpFH8TchGF2JpoIebeYN","clientDataJSON":"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTjl6SGhnODlaNGxGUDdtMWlxUFRtbmd1VUxaTG81T2RBTWpJTWlwT0ZEY0poSGVfalNSalVDT3pMRURXWnFvU3FsNm9JSDFESXhGSEhUU3dWNE9hb2ciLCJvcmlnaW4iOiJodHRwczpcL1wvd2ViYXV0aG4uaW8iLCJhbmRyb2lkUGFja2FnZU5hbWUiOiJvcmcubW96aWxsYS5maXJlZm94In0","transports":["ble","bt","cable","hybrid","internal","nfc","usb"],"publicKeyAlgorithm":-7,"publicKey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE3iWRX5cYGVrRsxGgprFd4sNtThg8EgtKcUAJNAI5Vf5-mXvnnIPVV2KHJQ5aJTYyk56RR_E3IRhdiaaCHm3mDQ","authenticatorData":"dKbqkhPJnC90siSSsyDPQCYqlMGpUKA5fyklC2CEHvBBAAAAAAAAAAAAAAAAAAAAAAAAAAAAtqMAWJJtMF6q_FYd6lQVx80Nmw2kJD7vbr0zaex-WVpFTSMt34QcWlBtK7sBEHnWezF1RGAd4ifrf3VdqQq2zt897V7vi7e0WjsR_N7ccaNmnVhOkkGcquwK5yZV0r1hWd_0N9C-494oXYdZGMVC1qMTSv3wIzfCpZjiLgBWXtzuQsCWvbVqyMEvFBQ7jcHy0aenDrmYaQFMTe7OttWdPuZpp2inAlCq0pgqL-QAXzX30jz9iL2BpQECAyYgASFYIN4lkV-XGBla0bMRoKaxXeLDbU4YPBILSnFACTQCOVX-Ilggfpl755yD1VdihyUOWiU2MpOekUfxNyEYXYmmgh5t5g0"},"type":"public-key","clientExtensionResults":{}}}

I am using Firefox Mobile 119.0.1 (also tried with Firefox Nightly this morning with the same result). The system is Android 13, compilation number TQ3A.230805.001, running on a Google Pixel 4a. The WebAuthn key is this Solokey2.

By the way, initially I thought that something could be wrong with the key itself, but it does work through NFC when I try to access the webauthn.me page and test the key there.

MasterKale commented 3 months ago

Hello @SpiderD555, I see the problem. The security key is reporting the following transports:

"transports": [
  "ble",
  "bt",
  "cable",
  "hybrid",
  "internal",
  "nfc",
  "usb"
],

"bt" is not a valid transport even in the latest draft of WebAuthn L3 so webauthn.io is rejecting the registration response.

I suppose I could update webauthn.io to be less strict about what transport values it receives...but I think in the meantime an issue needs to be raised over in the solokeys/solo2 project about this odd choice in transports that get returned if they are indeed coming from a physical SoloKey2.
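One way to implement the "less strict" option mentioned above, as an added example that is not webauthn.io's own code: drop unknown transport hints (such as "bt") and record them, instead of failing the whole registration. The field names follow the response posted in this thread; the sample body and its placeholder values are constructed.

```python
import json

# Transport values the strict validator accepts (taken from the error message in the thread).
KNOWN_TRANSPORTS = frozenset({"usb", "nfc", "ble", "internal", "cable", "hybrid"})

def strict_transports(values):
    """Current behaviour: a single unknown value (e.g. "bt") fails the whole registration."""
    unknown = [v for v in values if v not in KNOWN_TRANSPORTS]
    if unknown:
        raise ValueError(f"{unknown[0]!r} is not a valid AuthenticatorTransport")
    return list(values)

def lenient_transports(values):
    """Tolerant alternative: keep known values (order kept, duplicates removed), report the rest."""
    kept, dropped = [], []
    for v in values:
        if v not in KNOWN_TRANSPORTS:
            dropped.append(v)
        elif v not in kept:
            kept.append(v)
    return kept, dropped

def sanitize_registration(body):
    """Parse the POSTed registration body and strip unknown transport hints before validation.
    Transports come from the client's getTransports() and are not part of the signed authenticator
    data, so dropping an unrecognised hint costs nothing; returns (cleaned body, dropped values)."""
    data = json.loads(body)
    inner = data["response"]["response"]
    inner["transports"], dropped = lenient_transports(inner.get("transports", []))
    return data, dropped

# Constructed sample with the same shape and transports as the response posted above; the
# base64 fields are placeholders, not real credential data.
SAMPLE_BODY = json.dumps({
    "username": "example-user",
    "response": {
        "id": "CREDENTIAL_ID_PLACEHOLDER",
        "rawId": "CREDENTIAL_ID_PLACEHOLDER",
        "response": {
            "attestationObject": "ATTESTATION_OBJECT_PLACEHOLDER",
            "clientDataJSON": "CLIENT_DATA_JSON_PLACEHOLDER",
            "transports": ["ble", "bt", "cable", "hybrid", "internal", "nfc", "usb"],
        },
        "type": "public-key",
        "clientExtensionResults": {},
    },
})
```

The dropped list is worth logging server-side: it is how a relying party notices a browser or firmware that reports non-standard transports, as in this thread.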

MasterKale commented 3 months ago

Actually @SpiderD555 can you try again with the latest Firefox on Android to see if you can still recreate this issue? I noticed the "androidPackageName":"org.mozilla.firefox" in the clientDataJSON in the response you posted, which is leading me to believe this issue back in November might have been Firefox's fault:

[Screenshot 2024-03-27 at 9:23:28 AM]

It's a lot easier to fix this with a browser update than a security key firmware update so I'm hoping a browser update will fix this.

SpiderD555 commented 3 months ago

@MasterKale Just made a quick test (without using the developer console yet) with the latest Firefox mobile. I got this error: "Registration failed: 'bt' is not a valid AuthenticatorTransport", so you are completely right about this error. I will try raising this issue on the Solokey GitHub repository; I hope they won't point a finger at Firefox/Chrome.