Natim
commented
3 years ago For Chrome I pushed b28e8e9 that fixes the first issue.
Open Natim opened 3 years ago
Natim
commented
3 years ago For Chrome I pushed b28e8e9 that fixes the first issue.
justinmayer
commented
3 years ago Thank you, Rémy, for documenting this and fixing the issue with Chrome. I wasn't able to reproduce the Firefox problem you encountered; I tested current master with two different computing environments:
In my testing, I was able to add the above devices and then use them to log in. That said, both of the above security keys are from 2016/2017 and thus only support FIDO / U2F — not FIDO2 / WebAuthn. So it's possible that is the reason why I can't reproduce the error. (In order to get a more up-to-date key, I have ordered a new Solo Tap USB-C key as part of a DiceKeys bundle, but I won't receive it until 2021.)
I don't know whether it's helpful, but while poking around I came across SoloKeys' fido2-tests project. Just thought I'd mention it since I hadn't seen that project before.
christophbeberweil
commented
1 year ago Hi @justinmayer, thak you for this awesome library.
I observe the issue not only in Firefox, but in Brave(based on Chrome) as well.
Firefox:
Brave:
I tested with a recent Yubikey (5C NFC), so maybe it is a problem based on the Yubikey in use?
I also observed that the POST request that is supposed to be made by getCredentialCreateOptionsFromServer in webauthn.js is never made. I think the problem in my case might be that something with the setup is wrong.
If you have any idea what might be the cause of the problem I would happily create a pull request if I am able to solve the problem.
Thanks :)
OS Ubuntu 22.04.01 Python 3.11 Django 4.1.3 Kagi 0.3.0 Yubikey 5C NFC Firefox: 102.5.0esr (64-bit) Brave: Version 1.46.134 Chromium: 108.0.5359.94 (Official Build) (64-bit)
On chrome : user.icon must be a secure URL.
On Firefox: undefined