WebClients icon indicating copy to clipboard operation
WebClients copied to clipboard

Published 20 hours ago verified publisher icon ProtonMail

Allow passkeys for insecure domain (`localhost`)

Open Spomky opened this issue 1 year ago • 3 comments

We are happy to answer your questions about the code or discuss technical ideas.

Please complete the following checklist (by adding [x]):

  • [x] I have searched open and closed issues for duplicates
  • [x] This isn't a feature request
  • [x] This is not a report about my app not working as expected

Hi,

I would like to test an application with authenticators that are backed up like the ones managed by ProtonPass. During the registration process, I am facing the following message:

failed to generate passkey: InsecureLocalhostNotAllowed

2024-07-15_18h47_31

Please note that the browser (Chrome 126) considers the domain is secure (HTTPS with a trusted root CA).

2024-07-15_18h50_51

❓ Question: How to allow the creation of passkeys on localhost? Is there any option to turn on/off?

Spomky avatar Jul 15 '24 16:07 Spomky

Same here on Firefox 131.0.3 (aarch64)

Salamafet avatar Oct 16 '24 16:10 Salamafet

Can a maintainer please take a look at this issue? @D-Bao?

james-pre avatar Mar 31 '25 03:03 james-pre

I am also running into this issue.

cfischbeck avatar May 23 '25 20:05 cfischbeck

As per the official W3C spec, the RP ID (Relying Party Identifier) can definitely be localhost -> https://www.w3.org/TR/webauthn-3/#relying-party-identifier. That's clearly a blocker for local development :).

yamafaktory avatar Jul 27 '25 09:07 yamafaktory

thanks proton to blocking local development

arshx86 avatar Sep 27 '25 19:09 arshx86

Bumping

bgub avatar Oct 12 '25 07:10 bgub