Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Doesn't work with 1Password #8

Closed
a-stankevich opened this issue Feb 22, 2024 · 4 comments · Fixed by #11
Closed

Doesn't work with 1Password #8

a-stankevich opened this issue Feb 22, 2024 · 4 comments · Fixed by #11
Labels
demo

Comments

@a-stankevich
Copy link

On Firefox 122 with 1Password extension.

Steps to reproduce

  1. Go to https://webauthn.dodo.dev/usernameless or https://webauthn.dodo.dev/passwordless
  2. Enter Username and click "Register"
  3. Complete passkey registration in 1Password
  4. Click "Sign In" and use 1Password passkey
  5. The page says {"":["The authentication ceremony completed with an error"]}

This works fine on passkeys.io and fido2-net-lib.passwordless.dev
@vanbukin
Copy link
Contributor

It seems like there's a bug in Firefox, or possibly the 1Password extension for it, because errors occur on the JavaScript side when reading the PublicKeyCredential.
The issue did not reproduce in Chrome with the 1Password extension, or in "raw" Firefox.

The 1Password extension in Firefox substitutes existing browser APIs with its own functions and returns objects that correspond to those in the native browser API.

The problem occurs because the call to the method response.getAuthenticatorData() for the PublicKeyCredential object (which is returned in case of successful resolution of navigator.credentials.create or navigator.credentials.get promises), returns a Restricted object (you can get more details in the browser's own debugger). Because of this, the method of user registration completion is not called, hence the absence of an alert about successful registration (since it didn't complete at all).

The examples from passkeys.io and fido2-net-lib.passwordless.dev run smoothly because they simply don't call the methods of the PublicKeyCredential object, as they were developed for earlier versions of the specification.

@vanbukin
Copy link
Contributor

The most we can do for such a situation is to adjust the demo example so that a corresponding alert appears when an exception occurs. In the case of widespread use of the Firefox + 1Password combination in production, there's a workaround which consists of ignoring the invocation of getAuthenticatorData() in your JavaScript code.

@a-stankevich
Copy link
Author

Do I understand correctly that it's a bug in 1Password passkey implementation?

@vanbukin
Copy link
Contributor

In 1Password Firefox extension

@Keroosha Keroosha mentioned this issue Mar 22, 2024
Merged
@vanbukin vanbukin added the demo label Mar 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
demo
Projects
None yet
Milestone
No milestone
2 participants
@a-stankevich @vanbukin