kr-u2f
kr-u2f copied to clipboard
kryptco
Failing to log in using Firefox
Since a few days I've been unable to log in using Firefox (https://twitter.com/magthe/status/1282555307919585281?s=20).
Computer
OS: Linux (ArchLinux, 5.7.8-arch1-1) Browser: Firefox 78.0.2 (64-bit) (I've tried 78.0 and 78.0.1 too) Add-on version: 1.0.18
Mobile
Android: 10 Make and model: Mi A2 App version: 2.5.5
Behaviour
When trying to log in the phone app says I'm logged in but the site never moves past the login page.
I see the following in the browsers console:
wrap failed with error: EvalError: call to eval() blocked by CSP content_script.js:14166:17
injectU2fInterface moz-extension://afa8a50f-8845-4db0-9c46-6ee4fd7c0dfa/js/content_script.js:14166
679 moz-extension://afa8a50f-8845-4db0-9c46-6ee4fd7c0dfa/js/content_script.js:13877
__webpack_require__ moz-extension://afa8a50f-8845-4db0-9c46-6ee4fd7c0dfa/js/content_script.js:20
<anonymous> moz-extension://afa8a50f-8845-4db0-9c46-6ee4fd7c0dfa/js/content_script.js:63
<anonymous> moz-extension://afa8a50f-8845-4db0-9c46-6ee4fd7c0dfa/js/content_script.js:66
Content Security Policy: The page's settings blocked the loading of a resource at eval ("script-src").
I think we've isolated this issue. Working on a fix for this now. Thanks for reporting it.
Also reported as an issue for safari on GitHub...will also work to address this.
It's been quiet on this issue. I just tried again with Firefox 81 and I still see this issue.
Similar, I have actually been forced to not use krypton for login because of this.
Similar, I have actually been forced to not use krypton for login because of this.
Same here, but I've not managed to find something quite as convenient. The one I found, that suits me the best is oathtool :disappointed:
Is there someone else making something like Krypton?
Cannot log in, tried removing, and adding once again - Krypton on iOS says OK! But Github immediately says:
⚠️ Security key registration failed. Try again.
One time codes in Krypton work, however. But not all github actions ask for a code when it thinks you have a key....
FB also seems to be stuck.
All started after a restore from backup I did on macOS yesterday.
FF 82.0.2 macOS 10.15.7 iOS 14.1
Edit: FF console reports:
Uncaught (in promise) TypeError: t.getClientExtensionResults is not a function
b8 webauthn-json.js:1
b8 webauthn-json.js:1
fe security-keys.ts:145
he security-keys.ts:154
execute security-keys.ts:158
X index.js:96
webauthn-json.js:1:2009
Uncaught (in promise) TypeError: t.getClientExtensionResults is not a function
b8 webauthn-json.js:1
b8 webauthn-json.js:1
fe security-keys.ts:145
he security-keys.ts:154
execute security-keys.ts:158
X index.js:96
webauthn-json.js:1:2009
reloaded and tried again, got this:
Uncaught (in promise) TypeError: t.getClientExtensionResults is not a function
b8 webauthn-json.js:1
b8 webauthn-json.js:1
fe security-keys.ts:145
he security-keys.ts:154
execute security-keys.ts:164
X index.js:96
o index.js:113
execute autosearch-form.ts:27
register/e[i]< system-lite.js:20
promise callback*register system-lite.js:19
<anonymous> behaviors-02423112.js:1
webauthn-json.js:1:2009
third reload and try:
Uncaught (in promise) TypeError: t.getClientExtensionResults is not a function
b8 webauthn-json.js:1
b8 webauthn-json.js:1
fe security-keys.ts:145
he security-keys.ts:154
execute security-keys.ts:164
X index.js:96
o index.js:113
execute autosearch-form.ts:27
register/e[i]< system-lite.js:20
promise callback*register system-lite.js:19
<anonymous> behaviors-02423112.js:1
webauthn-json.js:1:2009
Edit 2: I can add the security key to github via Chrome, and log in with the key via Chrome, just not via FF. Seems the problem is exclusive to the FF addon.
Edit 3: Tested with Krypton extension v 1.0.18 (both Chrome and FF)
Edit 4: Github login produces something similar
Uncaught (in promise) TypeError: t.getClientExtensionResults is not a function
az webauthn-json.js:1
az webauthn-json.js:1
execute u2f-login.ts:52
X index.js:96
o index.js:113
execute ajax-error.ts:51
register/e[i]< system-lite.js:20
promise callback*register system-lite.js:19
<anonymous> chunk-frameworks-0b5011cb.js:1
webauthn-json.js:1:2208
There has been zero activity from the organization since their acquisition by Akamai. Don't hold your breath for an update. It's just another story of a promising start-up being bought up and canceled by a big internet player.
More updates coming soon.
— Alex Grinman, Co-founder krypt.co
That's what you thought, Alex, but that's not how it works in the Game.
Now it looks like it stopped working in Chromium too. It was nice while it lasted, but if it's not working on either of the browsers I use forces me to use something else.
Hi everyone -- there's a known issue with GitHub and Firefox, and we haven't been able to address it yet, but everything else should be working (like chromium). There was a issue with push certificates we addressed just recently so please let me know if chromium is still not working...
Just want to reiterate that we're still absolutely supporting Krypton. There's SO much coming, please stay tuned. We can't reply to github issues all the time and there's definitely edge cases we're missing, but we have been updating the public extension versions periodically (though the code releases here are delayed).
Feels like as long as I've been using FF, Github has been without issue. Oh well.
Use WebAuthn?
https://blog.mozilla.org/blog/2020/08/20/password-security-part-iv-webauthn/ https://github.blog/2019-08-21-github-supports-webauthn-for-security-keys/
RIP krypton. Shame really as it had great use cases
On 20 Jan 2021, at 14:30, Paul Dee [email protected] wrote:
Still a problem.... ☹️
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.
