Creating new passkey through iOS flow successfully creates entry, but never registers with requesting source

strongbox-password-safe / Strongbox

A KeePass/Password Safe Client for iOS and OS X

https://strongboxsafe.com

GNU Affero General Public License v3.0

1.33k stars 102 forks source link

Creating new passkey through iOS flow successfully creates entry, but never registers with requesting source #739

Closed nitz closed 10 months ago

nitz commented 10 months ago

Using Strongbox Pro v1.58.32 on iOS 17.1.1 on iPhone 15 Pro Max

A short video demonstrating the generation of the passkey for https://passkey.io. Notice at the end it returns to the same "Create a passkey?" prompt. Pressing continue at that point just loops the interaction, creating additional entries.

https://github.com/strongbox-password-safe/Strongbox/assets/602691/b25bb3b3-b128-49ff-8a6a-cd1639c5251b

The passkey is successfully generated, just never registered with the WebAuthn requester and thus unusable:

Let me know if I can provide any other details for this!

Cheers and thanks a heap!

strongbox-mark commented 10 months ago

Hi @nitz - That's not great, what browser/version are you using there? Does this also happen in Safari, and does a restart help?

nitz commented 10 months ago

Heya, Mark!

This was in Safari. I do have a few extensions enabled in it:

Achoo HTML
Amplosion
Firefox Focus
Purify
Rekt

I also have the iCloud "Private Relay" enabled.

When I ran into this I force-closed both Safari and Strongbox, but I haven't rebooted the phone since that morning.

I'll restart the phone now and give it a shot!

nitz commented 10 months ago

After a reboot I'm still having the same behavior. I also gave it a shot with content blockers disabled, and that didn't change anything. I don't have access to a Mac at the moment, so I can't easily get to the debugging tools in Safari, but I'm open to any other methods of getting info you might have in mind!

(Also fyi: this is pretty non-blocking for me at the moment! I actually just needed strongbox to generate a passkey so I could see how your entries looked in the database. I'm working on a plugin for KeePass proper to support WebAuthn on Windows and wanted to stay compatible with you and KeePassXC!)

strongbox-mark commented 10 months ago

Oh, that's awesome, thanks for keeping it compatible! :)

OK, let me try to take a look, it looks like Apple have changed something recently on macOS where we're getting stuck too... Could be related.

strongbox-mark commented 10 months ago

@nitz - I can't seem to reproduce the issue, creating keys on passkeys.io or webauthn.io is flawless (same versions as you). Would you be able to share your debug info (support@strongboxsafe.com)?

Also, if you need any help or info on the technical details of how Passkeys are stored in KeePassXC/Strongbox format let me know.

nitz commented 10 months ago

Just following up here with details discovered via our email conversation:

Autofill flow seems to be crashing after the passkey is created
Crash details don't seem to be captured in this specific instance, but best guess is it's due to the file size of my database:
- A fresh "local" database does not suffer the issue.
- A fresh "onedrive" database does not suffer the issue.
It may be due to resource usage when running the crypto ops, which is limited due by Apple's caps on autofill extensions.

Unfortunately that means there's no current solution! I'll go ahead and close this but will update if I can figure out anything more to add to it!