greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0

question: Passkey support #324

Closed cromelex closed 7 months ago

cromelex commented 8 months ago

Hi,

I have tried to enroll a passkey as the "2fa" token, instead of a physical key. For reference, I have managed to enroll a Yubikey USB, a Yubikey NFC, and also via Windows Hello.

I have tried a Bitwarden Passkey and get the following errors, one on Chrome, another on Firefox.

TypeError
DataView: expected ArrayBuffer, got Uint8Array
TypeError
First argument to DataView constructor must be an ArrayBuffer

On mobile, on my partner's Chrome on Android, I get a similar error while trying to enroll a Google Passkey (generated via their password manager - in browser).

Considering it is, to my understanding, a type of U2F implementation, of which the hardware keys are supported, I wonder if this is a quick fix. Would certainly be a nice-to-have.

Thanks,
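Both errors quoted in the post say the same thing: something passed a `Uint8Array` (a typed-array view) to the `DataView` constructor, which only accepts an `ArrayBuffer`. The block below is an added illustration, not caddy-security's own code, of the defensive way to handle a WebAuthn `BufferSource`: unwrap any view through its `.buffer` while preserving `byteOffset` and `byteLength`, then parse the fixed header of `authenticatorData` (rpIdHash, flags, signCount) from it. The helper names `toDataView`, `parseAuthenticatorData`, `buildSample` and `naiveDataView` are assumed for the example, and the sample bytes are constructed, not a real credential.

```javascript
// Added example (not from the caddy-security project): handling a WebAuthn
// BufferSource safely before wrapping it in a DataView.

// DataView accepts only an ArrayBuffer. A Uint8Array is a *view*, so it must be
// unwrapped via .buffer, keeping byteOffset/byteLength so that a view over a
// slice of a larger buffer is not misread from offset 0.
function toDataView(source) {
  if (source instanceof ArrayBuffer) {
    return new DataView(source);
  }
  if (ArrayBuffer.isView(source)) {
    return new DataView(source.buffer, source.byteOffset, source.byteLength);
  }
  throw new TypeError("expected ArrayBuffer or ArrayBufferView");
}

// Reproduces the failure mode from the issue: passing the view directly.
// Returns the thrown error's name ("TypeError") or null if no error occurred.
function naiveDataView(source) {
  try {
    new DataView(source);
    return null;
  } catch (err) {
    return err.name;
  }
}

// Parse the fixed part of WebAuthn authenticatorData (WebAuthn spec §6.1):
//   rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
// Flag bits: 0x01 = user present (UP), 0x04 = user verified (UV),
//            0x40 = attested credential data included (AT).
function parseAuthenticatorData(source) {
  const view = toDataView(source);
  if (view.byteLength < 37) {
    throw new RangeError("authenticatorData too short");
  }
  const rpIdHash = new Uint8Array(view.buffer, view.byteOffset, 32);
  const flags = view.getUint8(32);
  return {
    rpIdHash: Array.from(rpIdHash),
    userPresent: (flags & 0x01) !== 0,
    userVerified: (flags & 0x04) !== 0,
    attestedCredentialData: (flags & 0x40) !== 0,
    signCount: view.getUint32(33, false), // big-endian
  };
}

// Constructed sample: a 37-byte authenticatorData view that deliberately sits
// at a non-zero offset inside a larger backing buffer, padded with 0xEE bytes.
function buildSample() {
  const backing = new ArrayBuffer(5 + 37 + 3);
  new Uint8Array(backing).fill(0xee);
  const authData = new Uint8Array(backing, 5, 37);
  authData.fill(0xab, 0, 32); // placeholder rpIdHash (constructed, not a real hash)
  authData[32] = 0x45;        // UP | UV | AT
  authData[33] = 0x00;        // signCount = 0x00000102 = 258
  authData[34] = 0x00;
  authData[35] = 0x01;
  authData[36] = 0x02;
  return authData;
}

// Usage:
//   const sample = buildSample();
//   naiveDataView(sample)            -> "TypeError" (the bug in the issue)
//   parseAuthenticatorData(sample)   -> { ..., signCount: 258 }
```

The offset-preserving form matters in practice because `navigator.credentials` results and CBOR decoders frequently hand back views into a shared buffer; `new DataView(view.buffer)` without the offset would silently parse the padding instead of throwing.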

greenpau commented 8 months ago

Google docs https://kstatic.googleusercontent.com/files/6a8a4d6536362a2107727b20072f2ab4e853291ce5eb90cc85b6b3b814740639f5d89e964598a63ed62cca4899006d2361cd8caed726b6e4997135a08dba200f

greenpau commented 8 months ago

@cromelex , when you say Passkeys are not working, how did you test it?

I was able to enroll passkeys with Windows Hello.

[screenshots: passkey enrollment with Windows Hello]

Testing:

[screenshots: testing the enrolled passkey]

greenpau commented 8 months ago

@cromelex , what is the procedure to setup Bitwarden? I am not familiar with it.

cromelex commented 8 months ago

@greenpau Windows passkeys do work, that's what I mentioned above: For reference, I have managed to enroll a Yubikey USB, a Yubikey NFC, and also via Windows Hello.

Bitwarden is a password management tool with a free tier that supports passkeys ( https://bitwarden.com/ ). You'd have to set up an account to test, I assume.

Alternatively, if you have a Google account, they do have support for it as well?

Neither the Bitwarden nor the Google passkeys worked for me when enrolling (got the error message).

greenpau commented 8 months ago

@cromelex , thank you for the explanation! I am now working on the new Profile UI and will try Bitwarden when rewriting that U2F related code.

greenpau commented 8 months ago

I might have found the issue. I am testing to see if what I see applies to Bitwarden.

greenpau commented 7 months ago

@cromelex, I released Profile UI 1.0. It contains a new API and I think you should be able to onboard your key. At least try it.

Please see:

cromelex commented 7 months ago

Thank you for this. Not sure when it'll be, but I'll give it a try once I get a bit of spare time.

greenpau commented 7 months ago

@cromelex , I recorded the video about onboarding hardware tokens here: https://www.youtube.com/watch?v=272UQYWGhKo

It is the same thing for passkeys. I verified with Windows Hello and Apple Passkeys.

greenpau commented 7 months ago

Here is Windows Hello example: https://youtu.be/6BWPu7127Bw