lbuchs / WebAuthn

A simple PHP WebAuthn (FIDO2/Passkey) server library
https://webauthn.lubu.ch
MIT License

The operation either timed out or was not allowed. #93

Open Whip opened 6 months ago

Whip commented 6 months ago

For some reason, I'm getting this error on login from navigator.credentials.create. This happens sometimes and for some accounts but not for others. Can you tell what the reason/source of this error is? Here's the code:

try {
    // Relying party name, RP ID (the site's domain) and the allowed attestation formats
    $WebAuthn = new lbuchs\WebAuthn\WebAuthn('Project Name', 'ProjectDomain', ['none']);
    // Registration options: user id, user name, display name, timeout,
    // resident-key requirement, user-verification requirement, attachment (null = any)
    $createArgs = $WebAuthn->getCreateArgs($customer['id'], $email, $customer['name'], 120, 'required', 'required', null);
    $challenge = $WebAuthn->getChallenge();
    // Keep the challenge server-side so it can be compared when the credential comes back
    $_SESSION['login-challenge'] = [
        'challenge' => $challenge->getBinaryString(),
        'userId'    => $customer['id'],
        'email'     => $email
    ];

    echo json_encode([
        'actionRequired' => 'newDevice',
        'createArgs'     => $createArgs
    ]);
} catch (Exception $e) {
    // json_encode escapes quotes in the message; plain string concatenation would not
    echo json_encode(['error' => $e->getMessage()]);
}

This response from PHP is passed to the JS:

if (pubKeyCredOpts.actionRequired == 'newDevice') {
    // Convert the base64-encoded challenge / user.id in the JSON back into ArrayBuffers
    recursiveBase64StrToArrayBuffer(pubKeyCredOpts.createArgs);

    navigator.credentials.create(pubKeyCredOpts.createArgs).then(cred => {
        // Serialize the attestation response to base64 for the server
        const publicKeyCredential = {
            transports: cred.response.getTransports ? cred.response.getTransports() : null,
            clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
            attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
        };

        // step 4 request
        verifyCreds('NewDevice', publicKeyCredential);

    }).catch(err => {
        handleError(err); // <- This is executed, showing the error
    });
}
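An added example, not code from the issue or from the lbuchs/WebAuthn project: a client-side wrapper for the registration call above that turns the opaque DOMException into a diagnosis worth logging and records whether the device has a user-verifying platform authenticator at all, the "no device to register passkeys" case raised later in the thread. `navigatorLike` and `pkcLike` are assumed injection points standing in for the browser's `navigator` and `PublicKeyCredential`, so the logic also runs outside a browser.

```javascript
// Added example, not part of the issue or the lbuchs/WebAuthn project.
// Maps the DOMException names navigator.credentials.create() can reject with
// (per the WebAuthn spec) to a diagnosis worth logging server-side, and records
// whether a user-verifying platform authenticator exists on the device.

const CREATE_ERROR_DIAGNOSIS = {
  NotAllowedError: 'ceremony refused: user cancelled, timeout elapsed, no authenticator ' +
    'responded (e.g. no fingerprint/PIN/Windows Hello enrolled), or insecure context',
  InvalidStateError: 'authenticator already holds a credential listed in excludeCredentials',
  SecurityError: 'rp.id is not a registrable suffix of the origin, or origin is not https/localhost',
  NotSupportedError: 'none of the requested pubKeyCredParams algorithms is supported',
  AbortError: 'request cancelled through its AbortSignal',
};

function classifyCreateError(err) {
  const name = err && err.name ? err.name : 'UnknownError';
  return {
    name,
    message: err && err.message ? err.message : '',
    diagnosis: CREATE_ERROR_DIAGNOSIS[name] || 'unexpected error, see message',
  };
}

// pkcLike stands in for the global PublicKeyCredential (assumed injection point).
async function platformAuthenticatorAvailable(pkcLike) {
  if (!pkcLike || typeof pkcLike.isUserVerifyingPlatformAuthenticatorAvailable !== 'function') {
    return false; // WebAuthn not supported by this client at all
  }
  return pkcLike.isUserVerifyingPlatformAuthenticatorAvailable();
}

// navigatorLike stands in for the browser's navigator (assumed injection point).
// createArgs is the {publicKey: {...}} object the server returned, already
// converted with recursiveBase64StrToArrayBuffer() as in the issue's code.
async function registerWithDiagnostics(createArgs, navigatorLike, pkcLike) {
  const platformUv = await platformAuthenticatorAvailable(pkcLike);
  const wantsUv = createArgs.publicKey.authenticatorSelection?.userVerification === 'required';
  try {
    const cred = await navigatorLike.credentials.create(createArgs);
    return { status: 'ok', credentialId: cred.id, platformUv };
  } catch (err) {
    const info = classifyCreateError(err);
    // Hint for the support log: UV was demanded but this device has no UV-capable
    // platform authenticator, so only a roaming key (USB/NFC/BLE) could have answered.
    const hint = wantsUv && !platformUv ? 'no user-verifying platform authenticator enrolled' : null;
    return { status: 'error', ...info, hint, platformUv };
  }
}
```

Logging `name`, `diagnosis` and `hint` per failed attempt lets you see whether a cluster of NotAllowedError reports comes from phones with nothing enrolled rather than from a server-side misconfiguration.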
lbuchs commented 4 months ago

A not-allowed error could mean that the user has no device to register passkeys with.

Whip commented 4 months ago

Does this mean that the biometric hardware on the device is unavailable for some reason?

lbuchs commented 4 months ago

I think on Windows it can happen when Windows Hello has not been set up and you don't have any other device (USB key, NFC, Bluetooth, etc.).

Whip commented 4 months ago

I've mostly seen it on Android, though. When I started field testing it, on some phones folks had fingerprint set up to unlock the phone, but when registering on my website they get this error.

Erseni commented 1 week ago

For me it stopped working on Android.

Cyrille37 commented 4 days ago

It does not work with a Samsung A41 (Android 12) with Chrome 128 & Firefox 132.

The "new registration" does not work; it throws "The operation either timed out or was not allowed." at https://webauthn.lubu.ch/_test/client.html, but it does not work on https://webauthn.io/, https://www.passkeys.io/ or https://webauthn.me/ either :disappointed:

update: