authentik
Webauthn not working with M1 Macs
Describe the bug On M1 MacBooks, the Webauthn feature seems to be broken. On iPhones and Intel Macs, however, this feature seems to be working on the same instance.
To Reproduce Steps to reproduce the behavior:
- Go to 'User Settings'
- Click on 'MFA'
- Enroll
- Presented with error message: Error: Error creating credential: NotAllowedError: This request has been cancelled by the user.
- Click on 'Register Device' (again)
- Presented with error message: InvalidCharacterError: The string contains invalid characters.
Expected behavior Mac popup 'touch ID' and registering the webauthn
Logs Client Logs
[Error] Error: Error creating credential: NotAllowedError: This request has been cancelled by the user.
(anonymous function) — WebAuthnAuthenticatorRegisterStage.ts:67
c — runtime.js:70
(anonymous function) — runtime.js:308
kn — asyncToGenerator.js:17
p — asyncToGenerator.js:32
promiseReactionJob
(anonymous function) (WebAuthnAuthenticatorRegisterStage-7d94127b.js:1:9455)
promiseReactionJob
[Debug] authentik/ws: connected to wss://_auth.domain.com_/ws/client/ (FlowInterface.js, line 1)
> Selected Element
< <p class="pf-m-block">…</p>
[Error] InvalidCharacterError: The string contains invalid characters.
atob
a — utils.ts:29
(anonymous function) — WebAuthnAuthenticatorRegisterStage.ts:52:82
c — runtime.js:70
(anonymous function) — runtime.js:308
kn — asyncToGenerator.js:17
i — asyncToGenerator.js:32
(anonymous function) — asyncToGenerator.js:32
Promise
(anonymous function) — asyncToGenerator.js:29
(anonymous function) — WebAuthnAuthenticatorRegisterStage.ts:90
c — runtime.js:70
(anonymous function) — runtime.js:308
kn — asyncToGenerator.js:17
i — asyncToGenerator.js:32
(anonymous function) — asyncToGenerator.js:32
Promise
(anonymous function) — asyncToGenerator.js:29
(anonymous function) — WebAuthnAuthenticatorRegisterStage.ts:130
handleEvent — lit-html.ts:2047
(anonymous function) (WebAuthnAuthenticatorRegisterStage-7d94127b.js:1:9455)
promiseReactionJob
Server logs Not applicable (nothing relevant).
Version and Deployment (please complete the following information):
- authentik version: 2022.6.2
- Deployment: docker-compose
Additional context I remember my bank's website stating they were also having an issue with M1 Macs on their Webauthn.
Works flawlessly on my MacBook Air M1 and my MacBook Pro with M1 Max chip with Brave (Chromium). 🤷♂️
What browser are you using?
I am using Safari, maybe that's the issue?
Here is an additional debug message I have found from my client console:
User gesture is not detected. To use the WebAuthn API, call 'navigator.credentials.create' within user activated events.
6.3 seems to have partially fixed this problem! It is now possible to add a Webauthn device on an M1 Mac on Safari! However, Safari (I believe) has a security feature that requires users to press a button to engage the Webauthn dialogue. Therefore, when clicking 'Register' it will give an error; it is only when trying again and clicking on 'Try again' that it works.
https://user-images.githubusercontent.com/66959271/175304281-6d894274-72e0-4d3c-942f-1a5b85df7b48.mov
Here is a video of what I mean
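Added example (not part of the thread and not authentik's code): a registration flow that treats the `NotAllowedError` reported above as a "press the button again" state and decodes the server options afresh on every attempt, so a retry never passes unexpected input to `atob`. The function names, the injected `credentials` parameter and the assumption that `challenge` and `user.id` arrive as base64url strings are illustrative, not taken from the project.

```javascript
// Added example, not authentik code. Assumes the server sends challenge
// and user.id as base64url strings (field names per the WebAuthn spec).

// Decode base64 or base64url, padded or not. Plain atob() throws
// InvalidCharacterError on the URL-safe characters '-' and '_'.
function b64urlToBytes(value) {
  if (typeof value !== "string") {
    throw new TypeError("expected a base64url string, got " + typeof value);
  }
  const b64 = value.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Uint8Array.from(atob(padded), (ch) => ch.charCodeAt(0));
}

// Build fresh options per attempt; the server payload is never mutated,
// so a retry decodes the original strings again.
function buildCreationOptions(serverOptions) {
  return {
    ...serverOptions,
    challenge: b64urlToBytes(serverOptions.challenge),
    user: { ...serverOptions.user, id: b64urlToBytes(serverOptions.user.id) },
  };
}

// Call directly from a click handler. `credentials` is normally
// navigator.credentials, passed in so the flow runs without a browser.
// NotAllowedError becomes a retryable state instead of a hard failure.
async function attemptRegistration(credentials, serverOptions) {
  try {
    const publicKey = buildCreationOptions(serverOptions);
    const credential = await credentials.create({ publicKey });
    return { status: "registered", credential };
  } catch (err) {
    if (err && err.name === "NotAllowedError") {
      return { status: "needs-gesture", message: "Press the button to try again." };
    }
    return { status: "failed", message: String(err) };
  }
}

// Constructed sample payload, not captured from a real server.
const SAMPLE_OPTIONS = {
  challenge: "-_8AAQ",
  rp: { name: "Example RP" },
  user: { id: "dXNlci0x", name: "alice", displayName: "Alice" },
  pubKeyCredParams: [{ type: "public-key", alg: -7 }],
};
```

In a page, wire `attemptRegistration(navigator.credentials, options)` to the button's click listener and show the button again whenever the result is `needs-gesture`.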
All this is using Safari! Cheers!
On 10 Jun 2022, at 19:07, Dave @.***> wrote:
Works flawlessly on my MacBook Air M1 and my MacBook Pro with M1 Max chip with Brave (Chromium). 🤷♂️
What browser are you using?