microg / GmsCore

Free implementation of Play Services
https://microg.org
Apache License 2.0

Support for U2F / Fido2 / webauthn? #849

Closed flipsa closed 2 years ago

flipsa commented 5 years ago

Hey there,

I use LineageOS for MicroG on my NFC-enabled phone and recently bought a Yubikey 5 NFC. While the phone does detect the Yubikey via NFC or USB-OTG, there seems to be no support for U2F / Fido2 / webauthn. I used the Yubico U2F demo site to test it.

If I understand correctly, this functionality is provided on stock Android with the usual Google Apps through the Google play services library, which then exposes it via an API to the mobile browser. On my device, depending on the browser I either get "The user agent does not support public key credentials" (Jelly), or I get a timeout while trying (Chrome, Firefox, Brave).

On a non LineageOS / non-microg device with the Chrome browser, the Yubico demo site works fine.

The browsers (except Jelly) all have support for U2F if I am not mistaken, so that is not the reason I think...

Are there any plans to incorporate this in MicroG? I could not find any info on it, so I'm asking here.

Thanks for any leads - and of course for MicroG in general, I appreciate it very much!

ale5000-git commented 2 years ago

@restena-sw Fennec F-Droid (a fork of Firefox) will likely include microG FIDO libraries soon so it will likely work although it isn't ready yet. relan is working on it.

ale5000-git commented 2 years ago

@mar-v-in Is it possible to have another nightly build with the latest fixes please?

mar-v-in commented 2 years ago

Nightly is updated.

I'm closing this issue now, as I feel that Bluetooth support, caBLE support and the non-browser Fido API are minor functionality (which I also probably won't tackle in near future).

Nuc1eoN commented 1 year ago

Hi, sorry for bringing this issue up again.

I waited a long time for this feature to be implemented and I just tested v0.2.25.x and cannot get FIDO2 to work 🤔

This is me trying to log into github: (screenshot: Screenshot_20221104-200239_1)

It immediately fails without a prompt.

So therefore I have tried webauthn.io: (screenshot: Screenshot_20221104-200307_1) Now here at least I did get a prompt if I want to use my security key and it vibrates after holding it against my phone. However as you see the process still fails.

Any idea what is happening? Or did I misunderstand the implemented feature?

My security key is a Solokey 1 NFC.

mar-v-in commented 1 year ago

webauthn.io: If you are using a SoloKey via NFC or USB: microG only supports user verification performed on the authenticator itself, which typically means they need a fingerprint scanner. If you're using the option of using the device's screen lock, that should provide user verification. On webauthn.io you can also disable "require user verification" under advanced settings.

GitHub does work for me and if it fails without a prompt, the key itself can't be the issue. Can you please provide a logcat (feel free to do a new issue for this)?

ale5000-git commented 1 year ago

@Nuc1eoN: I also suggest trying the latest nightly build, since some bugs were fixed after the release; the NFC timeout was also increased.

Nuc1eoN commented 1 year ago

> webauthn.io: If you are using a SoloKey via NFC or USB: microG only supports user verification performed on the authenticator itself, which typically means they need a fingerprint scanner.

Oh I did not know that! Yes you are right after unticking user verification it works ;) Will user verification with security key and PIN be supported in the future?

> GitHub does work for me and if it fails without a prompt, the key itself can't be the issue. Can you please provide a logcat (feel free to do a new issue for this)?

Thank you I followed your suggestion and opened a new issue: #1817

Yannik commented 1 year ago

> webauthn.io: If you are using a SoloKey via NFC or USB: microG only supports user verification performed on the authenticator itself, which typically means they need a fingerprint scanner.

@mar-v-in Could you clarify please: Is using a FIDO2-Token with a PIN (e.g., a yubikey) not supported at all? Or is this just something with the SoloKey?

mar-v-in commented 1 year ago

microG currently does not support FIDO2 authentication methods that require a PIN to be entered on the client (if PIN is entered on the authenticator, there is no issue, but only few authenticators support that). PIN is required for most popular security keys (incl. Yubikey and Solokey) when user verification is required, but often is optional if user verification is not required. Rule of thumb: If you need to enter your PIN when using your Yubikey for sign-in on your desktop (which typically means your browser asks for your PIN) it won't work with microG. This is the same restriction as is currently present in Play Services, as is reported in this issue in Chromium bug tracker.

I'm not saying that we can't go beyond the feature set of Play Services, but it is not a primary objective of microG. If someone wants to implement this (shouldn't be too hard) I'd be happy to accept a PR.
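
The user-verification distinction described in the comment above, seen from the relying party's side, as an added example that is not part of the original thread or of microG's code. It builds the WebAuthn request options with and without required user verification and checks the UP/UV flag bits in the returned authenticatorData; the function names and sample bytes are constructed for illustration, and signature and rpIdHash verification are left out.

```javascript
// Added example; helper names are hypothetical, sample data is constructed.
const FLAG_UP = 0x01; // bit 0: user present (touch or NFC tap)
const FLAG_UV = 0x04; // bit 2: user verified (PIN or biometric)

// Options a site passes to navigator.credentials.get({ publicKey: ... }).
// "required" makes PIN-based keys need client-side PIN entry;
// "discouraged" lets them answer with user presence only.
function buildRequestOptions(challenge, rpId, requireUv) {
  return {
    challenge,
    rpId,
    timeout: 60000,
    userVerification: requireUv ? "required" : "discouraged",
  };
}

// authenticatorData layout: rpIdHash(32) | flags(1) | signCount(4, big-endian) | ...
function parseAuthenticatorData(bytes) {
  if (bytes.length < 37) throw new Error("authenticatorData too short");
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const flags = view.getUint8(32);
  return {
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: view.getUint32(33, false),
  };
}

// Server-side policy: the UV flag, not the request option, is what proves
// verification happened. Without it the assertion is one factor (possession).
function checkAssertionPolicy(authData, requireUv) {
  const parsed = parseAuthenticatorData(authData);
  if (!parsed.userPresent) return "user-not-present";
  if (requireUv && !parsed.userVerified) return "user-verification-missing";
  return "ok";
}

// Constructed authenticatorData: zeroed placeholder rpIdHash, given flags/counter.
function sampleAuthData(flags, counter) {
  const bytes = new Uint8Array(37);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, counter, false);
  return bytes;
}
```

A site that relaxes `userVerification` so PIN-only keys keep working should treat the resulting assertion as proof of possession only and pair it with another factor.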

Yannik commented 1 year ago

@mar-v-in Oh, that's too bad. Thank you for the explanation.

Chinchzilla commented 1 year ago

Hi there, I'm on 0.2.26.223616-37 and U2F works both via NFC and USB. WebAuthn works on registration via USB but not authentication. NFC for WebAuthn doesn't work at all. Device Pixel 4a.

ale5000-git commented 1 year ago

@Chinchzilla Please open a new ticket for the problem.

If you can, also update microG GmsCore to v0.2.27.223616 (or higher) please.