lbuchs / WebAuthn

A simple PHP WebAuthn (FIDO2/Passkey) server library
https://webauthn.lubu.ch
MIT License
419 stars 75 forks

The operation either timed out or was not allowed. #93

Open Whip opened 1 month ago

Whip commented 1 month ago

For some reason, I'm getting this error on login from navigator.credentials.create. This happens sometimes and for some accounts but not for others. Can you tell what the reason/source of this error is? Here's the code:

try {
    $WebAuthn = new lbuchs\WebAuthn\WebAuthn('Project Name', 'ProjectDomain', ['none']);
    $createArgs = $WebAuthn->getCreateArgs($customer['id'], $email, $customer['name'], 120, 'required', 'required', null);
    $challenge = $WebAuthn->getChallenge();
    // Keep the challenge server-side; it is compared against clientDataJSON in the verify step.
    $_SESSION['login-challenge'] = [
        'challenge' => $challenge->getBinaryString(),
        'userId' => $customer['id'],
        'email' => $email
    ];

    echo json_encode([
        'actionRequired' => 'newDevice',
        'createArgs' => $createArgs
    ]);
} catch (Exception $e) {
    // json_encode() escapes the message; a hand-built JSON string breaks on quotes in it.
    echo json_encode(['error' => $e->getMessage()]);
}

This response from PHP is passed to the JS:

if(pubKeyCredOpts.actionRequired == 'newDevice'){
    recursiveBase64StrToArrayBuffer(pubKeyCredOpts.createArgs);

    navigator.credentials.create(pubKeyCredOpts.createArgs).then(cred => {
        const publicKeyCredential = {
            transports: cred.response.getTransports ? cred.response.getTransports() : null,
            clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
            attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
        };

        // step 4 request
        verifyCreds('NewDevice', publicKeyCredential);

    }).catch(err => {
        handleError(err); // <- This is executed, showing the error
    });
}
lbuchs commented 1 day ago

A not-allowed error could mean that the user has no device to register passkeys.

Whip commented 1 day ago

Does this mean that the biometric hardware on the device is unavailable for some reason?

lbuchs commented 1 day ago

I think on Windows it can happen when Windows Hello has not been set up and you don't have any other device (USB key, NFC, Bluetooth, etc.).

Whip commented 1 day ago

I've mostly seen it on Android though. When I started field testing it, on some phones folks had fingerprint set up to unlock the phone, but when registering on my website, they get this error.
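
The thread narrows the error down to "the client has no authenticator that can satisfy the options", so two things help a site diagnose it: looking at the DOMException name instead of the message, and asking the browser whether a user-verifying platform authenticator exists before calling create(). The following is an added example, not code from lbuchs/WebAuthn or from the issue; the helper names (explainCredentialError, summarizeSupport, registerPasskey) are assumptions, while the error names and PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable() are the real WebAuthn APIs. The demo input at the bottom is constructed to mirror the issue's options (residentKey and userVerification both 'required') on a client with no platform authenticator.

```javascript
// Added example (not lbuchs/WebAuthn code): classify the rejection from
// navigator.credentials.create() and pre-check the client before calling it.
// Error names are the DOMException names defined by the WebAuthn spec;
// the helper names in this file are assumptions.

// Map the rejection from credentials.create() to something the UI can act on.
function explainCredentialError(err) {
  const name = (err && err.name) || 'UnknownError';
  switch (name) {
    case 'NotAllowedError':
      // The generic "timed out or was not allowed" case from the issue: no
      // usable authenticator (e.g. Windows Hello never set up), the user
      // dismissed the prompt, the timeout elapsed, or there was no user gesture.
      return { name, retryable: true,
        hint: 'No usable authenticator, prompt dismissed, or timeout elapsed' };
    case 'InvalidStateError':
      return { name, retryable: false,
        hint: 'This authenticator is already registered (excludeCredentials matched)' };
    case 'NotSupportedError':
      return { name, retryable: false,
        hint: 'No authenticator supports the requested algorithms or attachment' };
    case 'SecurityError':
      return { name, retryable: false,
        hint: 'rp.id does not match the origin, or the page is not a secure context' };
    case 'AbortError':
      return { name, retryable: true, hint: 'The request was aborted by the page' };
    default:
      return { name, retryable: false, hint: String((err && err.message) || err) };
  }
}

// Given the createArgs produced by getCreateArgs() and the boolean answer from
// PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable(), list
// reasons why create() is likely to fail before the prompt is ever shown.
function summarizeSupport(createArgs, platformAuthenticatorAvailable) {
  const sel = (createArgs.publicKey && createArgs.publicKey.authenticatorSelection) || {};
  const warnings = [];
  if (platformAuthenticatorAvailable === false) {
    if (sel.authenticatorAttachment === 'platform') {
      warnings.push('platform authenticator required but none is set up (no screen lock / Windows Hello)');
    } else if (sel.userVerification === 'required') {
      warnings.push('user verification required but no platform authenticator; a USB/NFC/BLE key is needed');
    }
  }
  if (sel.residentKey === 'required' || sel.requireResidentKey === true) {
    warnings.push('discoverable credential required; authenticators without credential storage will be rejected');
  }
  return warnings;
}

// Entry point. In a browser pass { PublicKeyCredential: window.PublicKeyCredential,
// credentials: navigator.credentials }; `deps` is injected so the logic above
// can also run outside a browser, as in the constructed demo below.
async function registerPasskey(createArgs, deps) {
  const pkc = deps.PublicKeyCredential;
  const credentials = deps.credentials;
  if (!pkc || !credentials) {
    return { ok: false, stage: 'precheck', warnings: ['WebAuthn is not available in this browser'] };
  }
  let platformAvailable = null;  // null = the browser cannot tell us
  if (typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === 'function') {
    platformAvailable = await pkc.isUserVerifyingPlatformAuthenticatorAvailable();
  }
  const warnings = summarizeSupport(createArgs, platformAvailable);
  try {
    const cred = await credentials.create(createArgs);
    return { ok: true, credential: cred, warnings };
  } catch (err) {
    return { ok: false, stage: 'create', warnings, error: explainCredentialError(err) };
  }
}

// Constructed demo: the issue's options on a client that has no platform
// authenticator and whose create() rejects the way the issue describes.
const demoCreateArgs = { publicKey: { timeout: 120000,
  authenticatorSelection: { residentKey: 'required', requireResidentKey: true, userVerification: 'required' } } };
const demoDeps = {
  PublicKeyCredential: { isUserVerifyingPlatformAuthenticatorAvailable: async () => false },
  credentials: { create: async () => {
    const e = new Error('The operation either timed out or was not allowed.');
    e.name = 'NotAllowedError';
    throw e;
  } },
};

registerPasskey(demoCreateArgs, demoDeps).then(r => console.log(JSON.stringify(r, null, 2)));
```

On the real page the call becomes registerPasskey(pubKeyCredOpts.createArgs, { PublicKeyCredential: window.PublicKeyCredential, credentials: navigator.credentials }) after recursiveBase64StrToArrayBuffer has run; logging the returned warnings alongside the error name is what lets you tell "no Windows Hello / no enrolled fingerprint" apart from "user dismissed the prompt" in field reports.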