kryptco / kr-u2f

DEPRECATED A Browser extension that lets you use your phone as a U2F/WebAuthN Authenticator for strong, unphishable 2FA.
https://krypt.co

Setting up Krypton with Twitter appears to be broken. #36

Closed obra closed 4 years ago

obra commented 5 years ago

Over the past day or so, I've tried to set up Krypton with Twitter from both Chrome and Firefox on Linux about a dozen times. I can't make it go. :/

The Krypton app on iOS believes that setup works OK. In Chrome, I don't get any indicator that something happened. In Firefox, Twitter's auth dialog says "Invalid response, try again".

Is there anything I can do to give you more information to help fix this issue?

obra commented 5 years ago

PR #30 resolves this issue for me on Firefox. On Chrome, there's something else weird going on, though.


EuForisch commented 4 years ago

I see this issue too, on Firefox & Chrome on Mac. What are the other issues you see?

protobits commented 4 years ago

Any plans to fix this?

agrinman commented 4 years ago

Fixed in version 1.0.18! Just released a Krypton for Firefox update with this fix: https://addons.mozilla.org/en-US/firefox/addon/krypton-authenticator/

DarwinAwardWinner commented 4 years ago

Well, the "Invalid response, try again" issue seems to be fixed, but I still can't get it to work with Twitter. I get to "Add the security key to your Twitter account" and Krypton pops up the notification for me to approve. I click Approve and the app says it's registered with twitter.com, but Twitter goes to a screen that says "Touch the security key one more time to verify this is really your security key", and I don't know how to do that with Krypton. There's no notification or prompt on the phone, so I'm just stuck and I have to cancel out of the process.

Edit: This is in Firefox on macOS.

protobits commented 4 years ago

I just tried and it worked for me :shrug:

agrinman commented 4 years ago

@DarwinAwardWinner: it should automatically request your device, i.e. there should be two popups: one for registering and one for auth.

DarwinAwardWinner commented 4 years ago

I only get one prompt. The only other Krypton notification is "Registered with twitter.com", which has no approve button on it (of course).

agrinman commented 4 years ago

Any console errors? Can you also confirm you’re on v1.0.18 (bottom of the extension pop-up window)?

DarwinAwardWinner commented 4 years ago

Yes, I definitely updated, because the first time I tried I got the invalid response, and then I realized the extension wasn't updated yet and force-updated the extension and checked the version number. The behavior I describe is with version 1.0.18. I'll check for console errors.

DarwinAwardWinner commented 4 years ago

This console error looks possibly suspicious?

Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”). u2f_security_key_verification_page.ebf22294c589815f452f1c9d6af08489d88d6af0.js:1:57428

I guess I'll see if there's anything blocking certain scripts from running (maybe uBlock or FF's own tracking protection).

DarwinAwardWinner commented 4 years ago

Ok, doesn't look like tracking protection or uBlock has any effect. I'm not familiar with what Content Security Policy refers to, and I don't know if that error is even relevant.

agrinman commented 4 years ago

Can you re-pair your phone?

DarwinAwardWinner commented 4 years ago

Ok, re-pairing my phone seems to have fixed it. I successfully completed the setup process.