nextcloud / twofactor_webauthn

WebAuthn Two-Factor Provider for Nextcloud
https://apps.nextcloud.com/apps/twofactor_webauthn
GNU Affero General Public License v3.0

Trustkey G310 registration doesn't work on Chrome #205

Open andreas-p opened 2 years ago

andreas-p commented 2 years ago

This was tested with the latest Chrome 103 and Firefox 101 on NC24.0.2.

Registering the Trustkey with Chrome 103 for FIDO2 or 2FA doesn't work, because the public_key_credential_id field in oc_twofactor_webauthn_registrations and oc_webauthn is only VARCHAR(255), while the string to be stored is 256 bytes long. After resizing the column in both tables, both FIDO2 and 2FA logins work from Firefox or Chrome.

andreas-p commented 2 years ago

Hotfix for PostgreSQL:

ALTER TABLE oc_twofactor_webauthn_registrations ALTER COLUMN public_key_credential_id TYPE VARCHAR(256);
ALTER TABLE oc_webauthn ALTER COLUMN public_key_credential_id TYPE VARCHAR(256);

skwee commented 2 years ago

Same for MySQL / MariaDB:

ALTER TABLE oc_twofactor_webauthn_registrations MODIFY public_key_credential_id VARCHAR(256);
ALTER TABLE oc_webauthn MODIFY public_key_credential_id VARCHAR(256);

st3iny commented 2 years ago

The standard does not mandate a maximum size for credential IDs. We only tested this using YubiKeys and their keys always fitted inside the table column.

I guess we should increase the width of the column.

Ref https://www.w3.org/TR/webauthn/#credential-id
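
The column-width problem reported in this thread, worked through as an added example (not part of the issue or the app's code): it computes how long an encoded credential ID becomes and rejects one that would not fit before it reaches the database. It assumes the ID is stored as padded standard base64, uses a constructed 192-byte ID, and all function names are hypothetical.

```python
import base64

# Assumption: the ID is stored as padded standard base64 text in a VARCHAR.
# WebAuthn Level 2 limits a credential ID to at most 1023 bytes.
MAX_CREDENTIAL_ID_BYTES = 1023


def encoded_length(raw_len: int) -> int:
    """Characters needed to store raw_len bytes as padded base64."""
    if raw_len < 0:
        raise ValueError("raw_len must be non-negative")
    return 4 * ((raw_len + 2) // 3)


def max_raw_len(column_width: int) -> int:
    """Largest raw credential ID whose encoded form fits the column."""
    return 3 * (column_width // 4)


def encode_for_column(credential_id: bytes, column_width: int) -> str:
    """Encode the ID, refusing it before the INSERT if it cannot be stored whole."""
    if len(credential_id) > MAX_CREDENTIAL_ID_BYTES:
        raise ValueError("credential ID longer than WebAuthn Level 2 allows")
    encoded = base64.b64encode(credential_id).decode("ascii")
    if len(encoded) > column_width:
        raise OverflowError(
            f"encoded ID is {len(encoded)} chars, column holds {column_width}"
        )
    return encoded


if __name__ == "__main__":
    sample_id = bytes(range(192))  # constructed 192-byte ID, not from a real key
    for width in (255, 256, encoded_length(MAX_CREDENTIAL_ID_BYTES)):
        try:
            encode_for_column(sample_id, width)
            verdict = "fits"
        except OverflowError as exc:
            verdict = f"rejected ({exc})"
        print(f"VARCHAR({width}): raw IDs up to {max_raw_len(width)} bytes; sample {verdict}")
```

Under these assumptions VARCHAR(256) holds raw IDs of up to 192 bytes, while a 1023-byte ID would need 1364 characters.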