greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

Add U2F Security Key (Android phone) doesn't work #128

Open Loqova opened 2 years ago

Loqova commented 2 years ago

/settings/mfa/add/u2f results in a proper browser QR code in both browsers, Brave and Chrome. I scan it, the browser passes info to the site, and then it shows "undefined undefined".


greenpau commented 2 years ago

@Loqova , the /settings/mfa/add/u2f endpoint is for adding hardware tokens (Yubico), not app authenticators (i.e. QR code stuff). I verified and things work fine.

Loqova commented 2 years ago

I believe that hardware tokens work. But then maybe the available options sent to the browser need to be limited? I'm not familiar with the implementation of FIDO. Right now, after clicking "add Token" on that page, my browser gives me an option to add my Android phone as a FIDO token.

greenpau commented 2 years ago

I believe that hardware tokens work. But then maybe the available options sent to the browser need to be limited? I'm not familiar with the implementation of FIDO. Right now, after clicking "add Token" on that page, my browser gives me an option to add my Android phone as a FIDO token.

@Loqova , I was able to reproduce the error with an iPhone (I don't use Android). Basically, I tried enrollment with FaceID and it failed 😄 with "undefined".

Loqova commented 2 years ago

So maybe the "phone" option needs to be disabled, or something about the implementation needs to be enabled. I see some options in this official demo of FIDO: https://webauthn.io/. Maybe it's the "Attestation Type"?

On a related note, if we could support the Authenticator Type TPM, as shown in that example, that would be great too, because it would, as tested in the demo, allow the use of Windows Hello, e.g. face unlock and fingerprint unlock on devices that have those sensors.
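As an added illustration (not caddy-security's own code), this is how a relying party limits which authenticator types the browser offers during WebAuthn registration, the setting the thread is circling around: `authenticatorSelection.authenticatorAttachment` set to `"cross-platform"` keeps the prompt to roaming hardware keys and excludes phones, FaceID and Windows Hello, `"platform"` does the opposite (TPM-backed Windows Hello, Touch ID), and `attestation` is the "Attestation Type" knob from the webauthn.io demo. The policy names, rpId, user and challenge values are constructed placeholders.

```javascript
// Added example, not caddy-security's code. Builds the
// PublicKeyCredentialCreationOptions a relying party passes to
// navigator.credentials.create() and checks the registration response
// against the same policy on the server side.

// Hypothetical policy table: maps a server-side enrollment mode to the
// authenticatorSelection fields that control what the browser offers.
const AUTHENTICATOR_POLICIES = {
  // Roaming hardware keys only (e.g. a YubiKey over USB/NFC). Phones,
  // FaceID and Windows Hello are "platform" authenticators and are not offered.
  "hardware-key": { authenticatorAttachment: "cross-platform", userVerification: "discouraged" },
  // Built-in authenticators only (TPM-backed Windows Hello, Touch ID / FaceID).
  "platform": { authenticatorAttachment: "platform", userVerification: "required" },
  // No restriction: the browser may offer anything, including an Android phone.
  "any": { userVerification: "preferred" },
};

function buildCreationOptions({ rpId, rpName, userId, userName, challenge, policy, attestation = "none" }) {
  const selection = AUTHENTICATOR_POLICIES[policy];
  if (!selection) throw new Error(`unknown authenticator policy: ${policy}`);
  return {
    challenge,                                   // Uint8Array, fresh random bytes per registration
    rp: { id: rpId, name: rpName },
    user: { id: userId, name: userName, displayName: userName },
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },           // ES256
      { type: "public-key", alg: -257 },         // RS256
    ],
    timeout: 60000,
    // "none" | "indirect" | "direct": "direct" is needed when the RP wants to
    // verify the authenticator model (e.g. to require a specific key vendor).
    attestation,
    authenticatorSelection: { ...selection },
  };
}

// Server-side check on the registration response. Newer browsers report the
// attachment actually used (PublicKeyCredential.authenticatorAttachment);
// rejecting a mismatch stops a phone being enrolled where a key was required.
function attachmentAllowed(policy, reportedAttachment) {
  const want = AUTHENTICATOR_POLICIES[policy] && AUTHENTICATOR_POLICIES[policy].authenticatorAttachment;
  if (!want) return true;                        // "any" accepts every attachment
  return reportedAttachment === want;
}
```

Browsers that do not report `authenticatorAttachment` return `null`, so a strict policy should also verify attestation (AAGUID) rather than rely on the reported attachment alone.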