
The OAuth login browser window does not support WebAuthn on Android

Open krzys-h opened this issue 3 years ago • 2 comments

Description:

We use Keycloak as an authentication provider for Rocket.Chat via OAuth. Users who set up 2FA via WebAuthn (e.g. YubiKey) are unable to log in, because the WebView window that Rocket.Chat opens for OAuth logins does not support WebAuthn.

Not supporting WebAuthn in WebView seems to be an intentional design decision. The recommendation seems to be that Android Custom Tabs should be used for OAuth flows in native apps instead. See RFC 8252 and this excellent video from Google. Implementing it this way also has an additional benefit of allowing the user to skip the login with the external provider if they are already signed in to the browser. Also see a related issue in the ownCloud native app: https://github.com/owncloud/android/issues/2036

Environment Information:

  • Rocket.Chat Server Version: 4.4.1
  • Rocket.Chat App Version: 4.26.2.30996
  • Device Name: Samsung Galaxy S8+
  • OS Version: Android 9

Steps to reproduce:

  1. Set up an OAuth authentication provider which uses WebAuthn
  2. Try to log in using the mobile app

Expected behavior:

The login flow works

Actual behavior:

The login flow fails with a "WebAuthn not supported" error.

krzys-h, Apr 01 '22 12:04

That's interesting. We've been talking about the solution you mentioned. Thanks for reporting this.

diegolmello, Apr 01 '22 14:04

Subscribe

samuk, Jul 22 '22 12:07

Is there any progress on this?

KramNamez, Sep 05 '23 08:09