twofactor_webauthn

Not possible to register a key for an IP address

Open ms74ro opened this issue 10 months ago • 3 comments

It is necessary to bypass two-factor authentication for the local IP of the server, I cannot use my Yubikey to access the server on the local IP.

Thank you!

ms74ro Mar 02 '25 19:03

Hi, thanks for the issue.

Generally, each key registration is bound to a specific domain. This is mandated by the standard and we can't work around it. If you want the key to also work on your local IP you would need to register it again. It is possible to register the same key twice.

st3iny Mar 03 '25 12:03

Unfortunately I can't add a Security key for an IP

ms74ro Mar 13 '25 15:03

I'm sorry for the delay. Thanks for testing IP addresses.

I'll try to reproduce this and think about a fix.

st3iny May 09 '25 12:05

I was able to reproduce your problem locally and read about it in the WebAuthn documents.

The specs only allow domain names to be used as the relying party identification. In other words, it is not allowed to register keys when using an IP address as the "host name". You must use a valid domain.

Ref https://www.w3.org/TR/webauthn-2/#relying-party-identifier

Therefore, I'm closing this as won't fix.

st3iny May 19 '25 08:05
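
Added example, not part of the thread or of twofactor_webauthn: a JavaScript preflight check of the rule cited in the last comment, that the relying party identifier must be a domain and cannot be an IP address. The function names and sample origins are assumptions made for illustration, and the public suffix check that browsers also apply to an RP ID is left out.

```javascript
// Added example: hypothetical helpers, not code from twofactor_webauthn.
// After WHATWG URL parsing, every IPv4 host is a normalized dotted quad
// and every IPv6 host is wrapped in square brackets.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

function classifyHost(origin) {
  const url = new URL(origin);
  const host = url.hostname; // already lower-cased by the parser
  const isIp = host.startsWith("[") || IPV4.test(host);
  return { host, isIp, scheme: url.protocol };
}

// Decide whether `rpId` (default: the origin's host) can be used for a
// WebAuthn registration started from `origin`.
// Simplification: no public suffix list lookup is performed.
function checkRpId(origin, rpId) {
  const { host, isIp, scheme } = classifyHost(origin);
  if (isIp) {
    return { ok: false, reason: "origin host is an IP address, not a domain" };
  }
  // Browsers treat localhost as a secure context even over plain http.
  if (scheme !== "https:" && host !== "localhost") {
    return { ok: false, reason: "origin is not a secure context" };
  }
  const id = (rpId ?? host).toLowerCase();
  // The RP ID must equal the host or be a parent domain of it.
  if (id !== host && !host.endsWith("." + id)) {
    return { ok: false, reason: "rpId is not a suffix of the origin's domain" };
  }
  return { ok: true, rpId: id };
}

// Constructed sample origins: a local IP as in the report, an IPv6
// literal, a shorthand IPv4 form, and a domain name.
const samples = [
  ["https://192.168.1.10/index.php", undefined],
  ["https://[fd00::1]/", undefined],
  ["https://0x7f.1/", undefined],
  ["https://cloud.example.com/", "example.com"],
  ["https://cloud.example.com/", "other.example.net"],
];
for (const [origin, rpId] of samples) {
  console.log(origin, rpId ?? "(default)", JSON.stringify(checkRpId(origin, rpId)));
}
```

Run against the address users actually type into the browser, this shows up front whether a registration attempt can succeed or whether a DNS name for the server is needed first.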