search

tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License
18.64k stars 1.43k forks source link

Android devices should scan a QR code to log in #13377

Open szmarczak opened 2 weeks ago

szmarczak commented 2 weeks ago

What is the issue?

Clicking Alternatively, use a QR code shows up a QR code. I expect Android devices to work the other way around. In the dashboard there should be a QR code and I should scan it via camera on Android.

Steps to reproduce

https://github.com/user-attachments/assets/08f1578a-e8bb-4d59-9e15-2643a79da4a8

If you see Video can't be played because the file is corrupt above, use VLC:

  1. Media -> Open Network Stream
  2. https://github.com/user-attachments/assets/08f1578a-e8bb-4d59-9e15-2643a79da4a8

Are there any recent changes that introduced the issue?

None that I know of.

OS

Android

OS version

Android 14

Tailscale version

1.72

Other software

N/A

Bug report

No response

bradfitz commented 2 weeks ago

We agree that the mobile devices should be able to log in by scanning a QR code. I'll repurpose this bug to be about that explicitly.

But the "not the other way around" part isn't true: I often log in to devices using my phone by scanning a QR code. (e.g. I often run some test VMs without stock OSes installed without password managers or any state, and I can then log into the admin console or tailscale up --qr on them and scan them with my phone). I've even logged in one phone from another phone. So the web authentication's general support for showing a QR code isn't going away. It's tempting to add logic to conditionally hide that "use a QR code" but every heuristic I can think of has flaws that make it too aggressive.