Unable to authenticate via Webauthn #993

Marix commented 2023年04月16日 14:25:26 +02:00

Hi,

As of recently I am no longer able to authenticate via Webauthn but have to utilise the backup method of using a TOTP code. On either of my two Solo keys I get the following error message that I also attached as a screenshot:

Dein Sicherheitsschlüssel konnte nicht gelesen werden.
An attempt was made to use an object that is not, or is no longer, usable

I checked with other sites like Github and it seems the only page on which Webauthn is broken for me is Codeberg. Thus, it seems I either managed to break solely that single slot on both of my keys or something has broken on the server side since I registered them last year.

I have not yet tried re-registering the keys as I did not want to change the broken state in case there is any specific information you wanted to gather first. Otherwise that would be the next thing I'd try.

Hi, As of recently I am no longer able to authenticate via Webauthn but have to utilise the backup method of using a TOTP code. On either of my two Solo keys I get the following error message that I also attached as a screenshot: > Dein Sicherheitsschlüssel konnte nicht gelesen werden. > An attempt was made to use an object that is not, or is no longer, usable I checked with other sites like Github and it seems the only page on which Webauthn is broken for me is Codeberg. Thus, it seems I either managed to break solely that single slot on both of my keys or something has broken on the server side since I registered them last year. I have not yet tried re-registering the keys as I did not want to change the broken state in case there is any specific information you wanted to gather first. Otherwise that would be the next thing I'd try.

ec4x commented 2023年04月19日 15:29:57 +02:00

Eh.. to help anybody maybe investigating an issue:

Which OS and browser are you using?

Maybe some of the Forgejo devs know, if it could be related to Gitea deprecating U2F in favor of WebAuthn (last year) and Firefox also disabled U2F in favor of WebAuthn in their recent release?

Eh.. to help anybody maybe investigating an issue: Which OS and browser are you using? Maybe some of the Forgejo devs know, if it could be related to Gitea deprecating U2F in favor of WebAuthn (last year) and Firefox also disabled U2F in favor of WebAuthn in their recent release?

Marix commented 2023年04月19日 15:47:44 +02:00

That is an excellent question. I am using Firefox 102.10.0esr on openSUSE Leap 15.4.

That is an excellent question. I am using Firefox 102.10.0esr on openSUSE Leap 15.4.

captainepoch commented 2023年04月19日 16:07:36 +02:00

Could you try on Chromium, for example?

Could you try on Chromium, for example?

Marix commented 2023年04月19日 21:44:59 +02:00

So I tried with Chromium, and curiously that gives me a slightly different error message, telling me that my key is not registered on that site.

With Chromium, too, the keys work on other sites.

So I tried with Chromium, and curiously that gives me a slightly different error message, telling me that my key is not registered on that site. With Chromium, too, the keys work on other sites.

silverwind commented 2023年05月16日 00:54:29 +02:00

https://github.com/go-gitea/gitea/pull/22697 might be related, I'm not sure.

https://github.com/go-gitea/gitea/pull/22697 might be related, I'm not sure.

n0toose commented 2023年05月16日 10:30:09 +02:00

Hesitantly adding upstream tag.

Hesitantly adding upstream tag.