Closed MatthewCroughan closed 1 year ago
Does your device has a PIN? Currently it isn't supported, microG can fallback to CTAP1 to avoid this problem but only if requireResidentKey is false.
@mar-v-in It seems to have a "java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference" on this line: https://github.com/microg/GmsCore/blob/d63fed9c310a4b949857e5504496c202d3b88880/play-services-fido-core/src/main/kotlin/org/microg/gms/fido/core/transport/TransportHandler.kt#L156
@ale5000-git My device does not have a pin, it only has touch authentication.
However, indeed I did try this with a device that does have a PIN as well, which would be why the log I chose to focus on failed in this way.
The experience with my Yubikey 5 NFC which does not have a PIN is the same, although I'm sure the logs may be a bit different. Let me try to get a log with that.
The following is what happens when I try to register a device via webauthn.io on Firefox, this time without the device that has a PIN. Graphically there is no difference and the experience is the same. Tapping the device does nothing.
11-10 09:46:15.785 15055 15055 D FidoUsbHandler: YubiKey OTP+FIDO+CCID has permission
11-10 09:46:15.786 2751 2897 D OpenGLRenderer: endAllActiveAnimators on 0x7204fd6ba0 (RippleDrawable) with handle 0x7114f58c10
11-10 09:46:15.786 1376 9293 W InputManager-JNI: Input channel object '3e5249a com.android.systemui/com.android.systemui.usb.UsbPermissionActivity (client)' was disposed without first being removed with the input manager!
11-10 09:46:15.787 15055 15055 D FidoUsbHandler: Signature: BtDxCQGhAQkgFQAm/wB1CJVAgQIJIRUAJv8AdQiVQJECwA==
11-10 09:46:15.787 15055 15055 D UsbDeviceConnectionJNI: close
11-10 09:46:15.787 15055 15055 D FidoUsbHandler: Trying to use YubiKey OTP+FIDO+CCID for REGISTER
11-10 09:46:15.787 15055 15055 D FidoUi : USB status set to waiting-for-user (Bundle[{device=UsbDevice[mName=/dev/bus/usb/001/002,mVendorId=4176,mProductId=1031,mClass=0,mSubclass=0,mProtocol=0,mManufacturerName=Yubico,mProductName=YubiKey OTP+FIDO+CCID,mVersion=5.26,mSerialNumberReader=android.hardware.usb.IUsbSerialReader$Stub$Proxy@9f1256d, mHasAudioPlayback=false, mHasAudioCapture=false, mHasMidi=false, mHasVideoCapture=false, mHasVideoPlayback=false, mConfigurations=[
11-10 09:46:15.787 15055 15055 D FidoUi : UsbConfiguration[mId=1,mName=null,mAttributes=128,mMaxPower=15,mInterfaces=[
11-10 09:46:15.787 15055 15055 D FidoUi : UsbInterface[mId=0,mAlternateSetting=0,mName=null,mClass=3,mSubclass=1,mProtocol=1,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=129,mAttributes=3,mMaxPacketSize=8,mInterval=10]]
11-10 09:46:15.787 15055 15055 D FidoUi : UsbInterface[mId=1,mAlternateSetting=0,mName=null,mClass=3,mSubclass=0,mProtocol=0,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=4,mAttributes=3,mMaxPacketSize=64,mInterval=2]
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=132,mAttributes=3,mMaxPacketSize=64,mInterval=2]]
11-10 09:46:15.787 15055 15055 D FidoUi : UsbInterface[mId=2,mAlternateSetting=0,mName=null,mClass=11,mSubclass=0,mProtocol=0,mEndpoints=[
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=2,mAttributes=2,mMaxPacketSize=64,mInterval=0]
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=130,mAttributes=2,mMaxPacketSize=64,mInterval=0]
11-10 09:46:15.787 15055 15055 D FidoUi : UsbEndpoint[mAddress=131,mAttributes=3,mMaxPacketSize=8,mInterval=32]]]]}])
11-10 09:46:15.787 15055 15055 D FidoCtapHidConnection: Opening connection
11-10 09:46:15.789 15055 15055 D FidoCtapHidConnection: Sending CtapHidInitRequest(nonce=2Z3+lD53EMI=) in 1 packets
11-10 09:46:15.789 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.325 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:38
11-10 09:46:15.325 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:39
11-10 09:46:15.325 0 0 I tas2562 2-004c: IRQ status : 0x0, 0x0, 0x0, 0x0, 0x0
11-10 09:46:15.325 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:42
11-10 09:46:15.326 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:43
11-10 09:46:15.326 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:44
11-10 09:46:15.326 0 0 D tas2562 2-004c: VBAT status : 0x3c, 0x80, temperature: 0x72
11-10 09:46:15.326 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:18
11-10 09:46:15.326 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:18
11-10 09:46:15.326 0 0 D tas2562 2-004c: Thermal foldback : 0x12, limiter status: 0x12
11-10 09:46:15.327 0 0 D tas2562 2-004c: tas2562_hw_params, format: 6
11-10 09:46:15.327 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:2
11-10 09:46:15.327 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-10 09:46:15.327 0 0 I tas2562 2-004c: IRQ reg is: irq_work_routine 0, 545
11-10 09:46:15.327 0 0 D tas2562 2-004c: tas2562_dev_update_bits: BOOK:PAGE:REG 0:0:2, mask: 0x3, val=0x0
11-10 09:46:15.327 0 0 I tas2562 2-004c: set ICN to -80dB
11-10 09:46:15.328 0 0 D tas2562 2-004c: tas2562_dev_bulk_write: BOOK:PAGE:REG 0:2:100, len: 0x04
11-10 09:46:15.328 0 0 D tas2562 2-004c: tas2562_dev_read: BOOK:PAGE:REG 0:0:36
11-10 09:46:15.328 0 0 I tas2562 2-004c: IRQ reg is: irq_work_routine, 0, 559
11-10 09:46:15.328 0 0 D tas2562 2-004c: PowSts B: 0x2, check again after 10ms
11-10 09:46:15.791 15055 15055 D FidoCtapHidConnection: Sent packet /////4YACNmd/pQ+dxDCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.791 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.791 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.791 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.796 15055 15055 D FidoCtapHidConnection: Received packet /////4YAEdmd/pQ+dxDCAL0AAQIFAgYFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.797 15055 15055 D FidoCtapHidConnection: Received CtapHidInitResponse(nonce=0x2Z3+lD53EMI=, channelId=0xbd0001, protocolVersion=0x2, version=5.2.6, capabilities=0x5) in 1 packets
11-10 09:46:15.797 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.797 15055 15055 D FidoCtapHidConnection: Sending CtapHidCborRequest(Ctap2Request(command=0x4, payload=)) in 1 packets
11-10 09:46:15.797 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.799 15055 15055 D FidoCtapHidConnection: Sent packet AL0AAZAAAQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.799 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.799 15055 15055 D UsbRequestJNI: init
11-10 09:46:15.800 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.801 15055 15055 D FidoCtapHidConnection: Received packet AL0AAZAAwwCqAYNmVTJGX1YyaEZJRE9fMl8wbEZJRE9fMl8xX1BSRQKCa2NyZWRQcm90ZWN0a2htYWMtc2Vjcg==
11-10 09:46:15.801 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.803 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQBldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTQ==
11-10 09:46:15.803 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.805 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQFnbXRQcmV2aWV39QUZBLAGgQEHCAgYgAmCY25mY2N1c2IKgqJjYWxnJmR0eXBlanB1YmxpYy1rZXmiYw==
11-10 09:46:15.805 15055 15055 D FidoCtapHidConnection: Reading 64 bytes from usb
11-10 09:46:15.807 15055 15055 D FidoCtapHidConnection: Received packet AL0AAQJhbGcnZHR5cGVqcHVibGljLWtleQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
11-10 09:46:15.807 15055 15055 D FidoCtapHidConnection: Received CtapHidCborResponse(statusCode=0x0, payload=qgGDZlUyRl9WMmhGSURPXzJfMGxGSURPXzJfMV9QUkUCgmtjcmVkUHJvdGVjdGtobWFjLXNlY3JldANQL8BXn4ETR+qxFrtajbkgKgSlYnJr9WJ1cPVkcGxhdPRpY2xpZW50UGlu9XVjcmVkZW50aWFsTWdtdFByZXZpZXf1BRkEsAaBAQcICBiACYJjbmZjY3VzYgqComNhbGcmZHR5cGVqcHVibGljLWtleaJjYWxnJ2R0eXBlanB1YmxpYy1rZXk=) in 4 packets
11-10 09:46:15.807 15055 15055 D UsbRequestJNI: close
11-10 09:46:15.808 15055 15055 D FidoCtapHidConnection: Got info: AuthenticatorGetInfoResponse(versions=[], extensions=[], aaguid=[47, -64, 87, -97, -127, 19, 71, -22, -79, 22, -69, 90, -115, -71, 32, 42], options=Options[platformDevice=false, residentKey=true, clientPin=true, userPresence=true, noMcGaPermissionsWithClientPin=false, credentialMgmtPreview=true, makeCredUvNotRqd=false], maxMsgSize=1200, pinProtocols=[])
11-10 09:46:15.809 15055 15055 D UsbDeviceConnectionJNI: close
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: java.lang.NullPointerException: Attempt to invoke virtual method 'boolean java.lang.Boolean.booleanValue()' on a null object reference
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.TransportHandler.register$play_services_fido_core_release(TransportHandler.kt:156)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invokeSuspend(UsbTransportHandler.kt:87)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:8)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.usb.UsbTransportHandler$register$2.invoke(Unknown Source:4)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection.open(CtapHidConnection.kt:176)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at org.microg.gms.fido.core.transport.usb.ctaphid.CtapHidConnection$open$2.invokeSuspend(Unknown Source:15)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at kotlinx.coroutines.internal.ScopeCoroutine.afterResume(Scopes.kt:33)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at kotlinx.coroutines.AbstractCoroutine.resumeWith(AbstractCoroutine.kt:102)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:46)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:106)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at androidx.lifecycle.DispatchQueue.drainQueue(DispatchQueue.kt:75)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at androidx.lifecycle.DispatchQueue.enqueue(DispatchQueue.kt:112)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at androidx.lifecycle.DispatchQueue.dispatchAndEnqueue$lambda-2$lambda-1(DispatchQueue.kt:100)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at androidx.lifecycle.DispatchQueue.$r8$lambda$G2ay370n_s_ksSHUJaD9zIU8eCw(Unknown Source:0)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at androidx.lifecycle.DispatchQueue$$ExternalSyntheticLambda0.run(Unknown Source:4)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at android.os.Handler.handleCallback(Handler.java:938)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at android.os.Handler.dispatchMessage(Handler.java:99)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at android.os.Looper.loopOnce(Looper.java:201)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at android.os.Looper.loop(Looper.java:288)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at android.app.ActivityThread.main(ActivityThread.java:7870)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at java.lang.reflect.Method.invoke(Native Method)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
11-10 09:46:15.810 15055 15055 W FidoUsbHandler: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1003)
11-10 09:46:15.811 15055 15055 D FidoUi : USB status set to waiting-for-device (null)
@MatthewCroughan
FidoUi: onCreate
, somewhere earlier in the logs. Can you share that as well please?@mar-v-in
I disabled Require User Verification in the advanced settings of webauthn.io, the results are the same. The Firefox UI never asks me to press my key, as if it never saw it plugged in, in the first place. It remains asking me to plug in the authenticator, despite the GMS UI acknowledging that I have plugged it in.
11-10 10:03:45.179 13876 13876 D Fido2Privileged: onBind: Intent { act=com.google.android.gms.fido.fido2.privileged.START pkg=com.google.android.gms }
11-10 10:03:45.187 13876 13891 D Fido2Privileged: bound by: GetServiceRequest{serviceId=FIDO2_PRIVILEGED, gmsVersion=12451000, packageName='org.mozilla.firefox', extras=Bundle[{FIDO2_ACTION_START_SERVICE=com.google.android.gms.fido.fido2.privileged.START}]}
11-10 10:03:45.217 16036 16036 I WebAuthnFeature: Received activity delegate request with code: 11
11-10 10:03:45.219 1376 9289 I ActivityTaskManager: START u0 {cmp=com.google.android.gms/org.microg.gms.fido.core.ui.AuthenticatorActivity (has extras)} from uid 10084
11-10 10:03:45.239 1376 9289 W ActivityTaskManager: Tried to set launchTime (0) < mLastActivityLaunchTime (6389517)
11-10 10:03:45.253 15055 15055 D FidoUi : onCreate caller=org.mozilla.firefox options=BrowserPublicKeyCredentialCreationOptions[PublicKeyCredentialCreationOptions[rp=PublicKeyCredentialRpEntity[webauthn.io, name="webauthn.io", icon=""], user=PublicKeyCredentialUserEntity[ZEdWemRERXlNdw, name="test123", icon="", displayName="test123"], challenge=ppQQjxijNMf1rQh0USozPr7d1mvpJRfcRij562kPAAdI_JTfD4eXiPposMhkWd9sifU9kQMWUm2lo6zCvpybrw, parameters=[PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ES512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ED256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[ED512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[PS512]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS256]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS384]], PublicKeyCredentialParameters[type=public-key, algorithm=COSEAlgorithmIdentifier[RS512]]], timeoutSeconds=60.0, excludeList=[PublicKeyCredentialDescriptor[hB-peXjsmYQnkShFSbMfoBso8nf-Jpc_0CTL48iXyxo, type=public-key, transports=[]], PublicKeyCredentialDescriptor[tK3fBHN0CI8iKCZBxUruf7JOUppohkzuBVzVDFb3p8hQtHmDJwxdWeFXCbWR7HtQpNNEyO_XQw7ogGP4ZbIgHA, type=public-key, transports=[]]], authenticatorSelection=AuthenticatorSelectionCriteria[], attestationConveyancePreference=none, authenticationExtensions=AuthenticationExtensions[]], origin=https://webauthn.io]
11-10 10:03:45.264 15055 15055 D FidoUi : facetId=https://webauthn.io, appName=webauthn.io
11-10 10:03:45.313 1376 1683 I ActivityTaskManager: Displayed com.google.android.gms/org.microg.gms.fido.core.ui.AuthenticatorActivity: +87ms
Here are fuller logs, should anyone wish to debug further https://gist.githubusercontent.com/MatthewCroughan/10f1e63ba8c572bb72a9a72f42ed1793/raw/c206074854274ad4ff5337ac28275ec249ce4554/gistfile1.txt
I guess I found the issue:
requireResidentKey
attribute to true
or false
, even though it's required (and no matter if the website is requesting it to be true
or false
). I will default to understand a missing requireResidentKey
value as false
, but this is still something Firefox should handle (because sites can't even ask it to be set to true
right now). Maybe you could check if there is already an issue filed with them and if not, open one.requireResidentKey
is used to determine if CTAP1 can be used instead. Without a value this fails in microG.So it should work to use your key with webauthn.io in Chromium if "Require User Verification" is disabled (Chromium does correctly set the value of requireResidentKey
)
@mar-v-in What you say is true, it just worked with both NFC and USB, but only in Chromium.
As for other programs, such as Bitwarden, or signing in with Google, the story is different. I cannot use FIDO to log into the webauthn given by Bitwarden, below is the log.
11-10 11:05:02.411 15055 15055 D FidoUi : onCreate caller=org.robotnix.chromium options=BrowserPublicKeyCredentialRequestOptions[PublicKeyCredentialRequestOptions[challenge=JCLkF1O-4f_eQrhlno_XhLyFbmge9GzFcbAVdQPLPXo, timeoutSeconds=60.0, rpId="vaultwarden.croughan.sh", allowList=[PublicKeyCredentialDescriptor[g2dedr57pEwS-M0XNJIrLS3_pznDAzwf_IWRu14PFkMiVBc7upf66gA6XVurMenZ8pbbfaSwadPkCA0TqqDOFA, type=public-key, transports=[usb, ble, nfc, usb, internal]], PublicKeyCredentialDescriptor[NEzCBeCznU5D_GQaOZIn6v3aG2MQuad0g6JgX8VXJD830EV2GQhKc7CgLppgH45p_kfcmLKNF9zK-GhSLon9RA, type=public-key, transports=[usb, ble, nfc, usb, internal]]], userVerificationRequirement=discouraged, authenticationExtensions=AuthenticationExtensions[fidoAppIdExtension="https://vaultwarden.croughan.sh/app-id.json"]], origin=https://vaultwarden.croughan.sh/]
11-10 11:05:02.429 15055 15055 D FidoUi : Finish with error: Package org.robotnix.chromium does not match facet https://vaultwarden.croughan.sh (NOT_ALLOWED_ERR)
11-10 11:05:02.448 21548 21548 E cr_Fido2Request: FIDO2 API call resulted in error: 35 Package org.robotnix.chromium does not match facet https://vaultwarden.croughan.sh
11-10 11:05:02.462 21548 21548 I cr_OfflineDetector: Running updateState mConnectivityDetectorInitialized: true, mTimeWhenLastForegrounded: 81310641, getElapsedTime: 81310641, mTimeWhenLastOfflineNotificationReceived: 0, mTimeWhenLastOnline: 80940238, mApplicationState: 1, mIsOfflineLastReportedByConnectivityDetector: false, mIsEffectivelyOffline: false
11-10 11:05:02.462 21548 21548 I cr_OfflineDetector: updateState(): timeSinceLastForeground: 0, timeSinceOfflineNotificationReceived: 81310641, timeSinceLastOnline: 370403, timeNeededForForeground: 2000, timeNeededForOffline: -81308641
11-10 11:05:02.486 1376 2580 D CompatibilityChangeReporter: Compat change id reported: 135634846; UID 10109; state: DISABLED
11-10 11:05:02.487 1376 1696 D CompatibilityChangeReporter: Compat change id reported: 143937733; UID 10109; state: ENABLED
11-10 11:05:02.508 21589 21589 D Zygote : Forked child process 24319
11-10 11:05:02.511 1376 1696 I ActivityManager: Start proc 24319:org.robotnix.chromium:sandboxed_process0:org.chromium.content.app.SandboxedProcessService0:29/u0ai29 for {org.robotnix.chromium/org.chromium.content.app.SandboxedProcessService0:29}
11-10 11:05:02.516 1376 2580 I ActivityTaskManager: START u0 {act=android.intent.action.VIEW cat=[android.intent.category.BROWSABLE] dat=bitwarden://webauthn-callback?error=NotAllowedError: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client. flg=0x14000000 cmp=com.x8bit.bitwarden/crc640744bad199c09ddf.WebAuthCallbackActivity (has extras)} from uid 10109
@MatthewCroughan If I'm not wrong Bitwarden bundle a library in the app itself and do not use the API. See here: https://github.com/bitwarden/mobile/pull/1519
@ale5000-git That may be true, but even if I try to login to the web interface via Chromium and use webauthn there, it throws the exact same set of errors.
Yes, that seems to be another issue on microG FIDO implementation.
@mar-v-in Is this likely to get resolved, or is it out of scope for the feature set that microG wants to implement?
Both issues are going to be fixed / workarounded in the next release.
@mar-v-in When do the nightly apks get built for https://microg.org/dl/core-nightly.apk ? I'm patiently waiting to try this out! Thanks for doing this so quickly <3
@mar-v-in It looks like the nightly APK still isn't updated. When does this APK get updated?
Looks like the nightly APK just got updated. Quick turnaround! Thanks so much.
Can you confirm that it works for you in all cases now?
@ale5000-git @mar-v-in I can confirm that https://github.com/microg/GmsCore/commit/d01f3719426be7f5237b098d53548eeeb7806119 fixes each and every one of my use-cases. Signing into Tailscale via Chromium via Google with NFC works fine, as does webauthn via my self-hosted Bitwarden. This is really great. I have also tested that it works fine with USB.
Have you tested also with Firefox?
It looks to work in exactly the same way with Firefox 107.1.0 from FFDownloader from F-Droid
Good, thanks.
Describe the bug Whenever I try to use the new FIDO functionality via USB on v0.2.25.223616 or 2a19ef4, the transport handler crashes when indicating presence on the FIDO device. In the Android UI, nothing graphical can be seen, but the results of logcat show what is happening. The ultimate result is that FIDO doesn't work in any context. The system UI will allow me to attempt to add keys in Firefox or Chromium, but will not do anything when I press the key.
Logcat
To Reproduce Steps to reproduce the behavior:
Expected behavior I expect tapping the FIDO key to do something, but it does nothing.
System Android Version: 12 Custom ROM: LineageOS 19.1
Additional context I am using a Yubikey 5 NFC, and NFC/USB. NFC does not work either.
More Logcat that proves data is being sent back from the Yubikey and being handled