Codeberg/Community
62
385
Fork
You've already forked Community
12

Confusing error message logging in with the wrong security key #2668

Open
opened 2026年05月21日 10:24:19 +02:00 by hwh · 3 comments

Comment

I have 2fa with a hardware security key enabled, and was attempting to login with a key that was not registered (I have two keys, one as a backup, and forgot to register my backup key). I get the following two errors:

Could not read your security key.
The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission.
Could not read your security key.
CredentialsContainer request is not allowed.

which I find quite misleading, because they seem to point to a browser issue (especially the second error message, which triggers fairly inconsistently). A message like "this key is not registered with your account, try another one?" would be much more informative.

### Comment I have 2fa with a hardware security key enabled, and was attempting to login with a key that was not registered (I have two keys, one as a backup, and forgot to register my backup key). I get the following two errors: ``` Could not read your security key. The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission. ``` ``` Could not read your security key. CredentialsContainer request is not allowed. ``` which I find quite misleading, because they seem to point to a browser issue (especially the second error message, which triggers fairly inconsistently). A message like "this key is not registered with your account, try another one?" would be much more informative.

Can you explain please, where you get this error messages? Maybe a screenshot? I fail to understand at which place you run into this issue.

Can you explain please, where you get this error messages? Maybe a screenshot? I fail to understand at which place you run into this issue.
Author
Copy link
Just directly from <https://codeberg.org/user/login> to <https://codeberg.org/user/webauthn>: ![image](/attachments/111f7f4a-8fcd-42d7-adbb-828a75e6263a)
Author
Copy link

I got

403 Forbidden
Request forbidden by administrative rules.

when logging in and had to change ip with my vpn, I think probably just because I was logging in and out a lot?

Also, the "Sign out" button does nothing if I press it immediately after logging in. I seem to have to wait ~1-2 minutes before actually being able to sign out.

I got ``` 403 Forbidden Request forbidden by administrative rules. ``` when logging in and had to change ip with my vpn, I think probably just because I was logging in and out a lot? Also, the "Sign out" button does nothing if I press it immediately after logging in. I seem to have to wait ~1-2 minutes before actually being able to sign out.
Sign in to join this conversation.
No Branch/Tag specified
main
No results found.
Labels
Clear labels
accessibility
Reduces accessibility and is thus a "bug" for certain user groups on Codeberg.
bug
Something is not working the way it should. Does not concern outages.
bug
infrastructure
Errors evidently caused by infrastructure malfunctions or outages
Codeberg
This issue involves Codeberg's downstream modifications and settings and/or Codeberg's structures.
contributions welcome
Please join the discussion and consider contributing a PR!
docs
No bug, but an improvement to the docs or UI description will help
duplicate
This issue or pull request already exists
enhancement
New feature
infrastructure
Involves changes to the server setups, use `bug/infrastructure` for infrastructure-related user errors.
legal
An issue directly involving legal compliance
licence / ToS
involving questions about the ToS, especially licencing compliance
please chill
we are volunteers
Please consider editing your posts and remember that there is a human on the other side. We get that you are frustrated, but it's harder for us to help you this way.
public relations
Things related to Codeberg's external communication
question
More information is needed
question
user support
This issue contains a clearly stated problem. However, it is not clear whether we have to fix anything on Codeberg's end, but we're helping them fix it and/or find the cause.
s/Forgejo
Related to Forgejo. Please also check Forgejo's issue tracker.
s/Forgejo/migration
Migration related issues in Forgejo
s/Pages
Issues related to the Codeberg Pages feature
s/Weblate
Issue is related to the Weblate instance at https://translate.codeberg.org
s/Woodpecker
Woodpecker CI related issue
security
involves improvements to the sites security
service
Add a new service to the Codeberg ecosystem (instead of implementing into Forgejo)
upstream
An open issue or pull request to an upstream repository to fix this issue (partially or completely) exists (i.e. Forgejo, Weblate, etc.)
wontfix
Codeberg's current set of contributors are not planning to spend time on delegating this issue.
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
Codeberg/Community#2668
Reference in a new issue
Codeberg/Community
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?