element-hq / element-ios

A glossy Matrix collaboration client for iOS
https://element.io
Apache License 2.0

Forcing another session to log out does not support WebAuthn #7696

Open cendyne opened 9 months ago

cendyne commented 9 months ago

Steps to reproduce

Where are you starting? What can you see?

User Settings -> Security -> My Sessions -> Tap on a session -> Tap on "Sign out this session"

Then, by coincidence, it requires me to re-authenticate with my social identity provider, in this case GitHub.

GitHub then requires me to use my security key, because I use 2FA with GitHub.

I tap the use security key button in the web page. It says "authentication failed", despite using it earlier to sign into this device.


Other notes:

I have experienced this with the Cisco AnyConnect app. We had to change our configuration so the iOS app uses a slightly different web view technology.

Something about how SFSafariWebView

Apple Documentation: ASWebAuthenticationSession

Yubico: No reaction when using WebAuthn on macOS, iOS and iPadOS

Apple: Meet Face ID and Touch ID for the Web

Element has no control over what or how the scripts run on a social login provider. This issue will likely only be resolved by switching the web view technology that comes up when tapping "Sign out this session".

Outcome

What did you expect?

I expect to be able to use my security key to authenticate with GitHub and then return to Element's UI to remove the session.

What happened instead?

I was blocked

Your phone model

iPhone 13 Pro Max

Operating system version

17.0.3

Application version

No response

Homeserver

No response

Will you send logs?

Yes

cendyne commented 9 months ago

Rage shaking was not recognized during this flow. I am unable to submit logs with that method. Here's a screenshot at least.

[Screenshot]

Again, the issue is: The way Element iOS is creating this webview prevents successful use of WebAuthn security keys. This is not a case where my security key failed. I was never prompted to bring my security key to the device.