WebAuthn does not work

[tancysam]

Description WebAuthn authentication page does not pop up when registering/ using a security key whether it be internal or external.

Steps to reproduce

1. Open webauthn.me
2. Key in any random username/email
3. Press register

Expected behaviour A page like the above shows up (Taken in Chrome)

Real Behaviour Only an error message pops up

Comments So far, Working: Chrome, Opera, Edge Not Working: Kiwi, Brave, Bromite

Webauthn.io is also able to verify that Webauthn is not working in Kiwi.

Based on what I've seen, Kiwi "supports" Webauthn but it is just not working. This is unlike other chromium browsers such as Samsung Browser, where the site at webauthn.io explicitly states that Webauthn is not supported. On Kiwi this message does not appear

Hopefully this will be solved. Thank you very much for.your hard work

[kiwibrowser]

Thank you for reporting the issue, I wonder if this could be because of a dependency on Android SafetyNet Authenticator or some obscure FIDO2 certification needed for the browser.

It's a bit tricky to reproduce because I need to get an U2F key (which is not a problem, but I don't have one available right now) How do you connect the security key ? just using a host USB adapter ?

[tancysam]

Hi, thanks for the quick response. I wasn't using any security key, just my phone.

I believe Android devices have some sort of "in built security chip" that enable the usage of FIDO2 + Webauthn.

[tancysam]

This is the error message I get.

[blogmangit]

I think web authentication api should be enabled for this at present kiwi does not support this. check html5 test site

[zsoltsandor]

I second this, WebAuthn is a must have, USB, NFC, Bluetooth, phone secure element, all of them.

[aresius]

Are there any plans to support WebAuthn in the near future?

[JordyEGNL]

Any updates on this? I'm unable to login to many websites due to this

[Daviteusz]

Webauthn in Kiwi only works with MicroG. Your device must be rooted and you must replace gapps with microg using, for example, microg installer revived - magisk module.

[claudio4]

It seems like some kind of whitelisting needs to happen on the Play Services side for it to allow the app to use the system authentication API. This may explain why it works with MicroG.

For me, it looks like no changes in code are needed, and instead @kiwibrowser needs to contact Google and request them to allow Kiwi to use the APIs, like Brave brower did.

[Ryonez]

Was juuuuust about to switch to this browser, but noticed an issue when using logging into Bitwarden.

[khang06]

If you're on a rooted device, you can use something like GMS Flags to inject Kiwi Browser's certificate hash (C069EA966332E91E0A0C3CC577E6F509FE3D9DDAF7015AD0C5C5EF8FDA3F8628 for the Play Store version) into the Fido2ApiKnownBrowsers__fingerprints key in the com.google.android.gms.fido namespace. For some reason, it takes a few hours to take effect, even after a reboot, but it works.

[liudonghua123]

I tried the latest kiwi browser 124 and chrome 125, and tested with webauthn.io. It's the similar problem.

kiwi pics	chrome pics