search

mkalioby / django-passkeys

Django Authentication Backend For Passkeys
MIT License
198 stars 23 forks source link

Unable to use Mac as passkey device / registration not working #7

Closed kakulukia closed 1 year ago

kakulukia commented 1 year ago

Hi,

i somehow got this module working, am seeing the add passkey option and can initiate the process via Chrome, but my mac is missing from possible devices.

This is how it looks like at https://webauthn.me/: SCR-20230610-gon It prompts my username and chooses the Mac as the default device. After clicking "user different device" i get those options SCR-20230610-gkr

With django passkeys it looks like this SCR-20230610-gq5

I have some other trouble with the associated pixel device. Its not working at all. Not sure why. But sanning the QR-code for a new device, i just get an unknown error: "Registration Failed as Error on server, please try again later, try again"

The Django log has this: raise ValueError("Invalid origin in CollectedClientData.")

Not sure what im doing wrong. :/ Does it actually work with localhost?

No hints in the JS console.

I used the proposed defaults: FIDO_SERVER_ID = "localhost" # Server rp id for FIDO2, it the full domain of your project FIDO_SERVER_NAME = "TestApp"

mkalioby commented 1 year ago

Chrome on Mac works fine.

The error indicates you are using a domain different than localhost, What is the url where is your server is running in browser?

P.S you cant use 127.0.0.1 in the browser, you shall use localhost

kakulukia commented 1 year ago

Im starting the process at http://localhost:8000/passkeys/

kakulukia commented 1 year ago

Shall i add the port?

kakulukia commented 1 year ago

No, addings the port aint working at all: Registration Failed as SecurityError: The relying party ID is not a registrable domain suffix of, nor equal to the current domain., try again

kakulukia commented 1 year ago

I had a quick look at the example provided. Do i have to use SSL for passkeys to work? Or why does your example use django-sslserver?

mkalioby commented 1 year ago

Yes, https is required for passkeys to work and I just checked HTTP fails but HTTPS is working fine.

kakulukia commented 1 year ago

okay, this should definitely be mentioned in the onboarding steps! :D

Im getting there one step at a time.

kakulukia commented 1 year ago

Okay, confirmed. This works fine with SSL enabled. Will integrate that in my onboarding steps update pull request.

If its okay with you id like to also strip down any optional code or dependencies.

mkalioby commented 1 year ago

Sure, lets see what to remove