nextcloud
NFC transport type not supported on Android
I'm using passwordless authentication (webauthn passkeys) with Nextcloud AIO and ran into some strange behavior.
Steps to reproduce
- register 2 different NFC passkeys with account using desktop web client
- also associate NFC fido u2f security key with account using desktop web client
- attempt to "log in with device" on Android chrome browser, be offered only usb authenticator option, no NFC
- attempt to "log in with device" on desktop web client and OS does not restrict NFC transport option
Expected behaviour
Android should offer NFC when I select "other device".
Actual behaviour
In looking at the codebase, it appears what should happen is that the authentication request should be made using the same transport which was used to register the token. No doubt this is to help reduce confusion when it comes to user prompts given by the OS in question. However, this is causing a problem as Android is not offering NFC as transport option and only allows me to select / use a USB security key.
Server configuration
Nextcloud AIO virtual machine image
Nextcloud version: Nextcloud Hub 10 (31.0.9)
In my opinion, transport types should be omitted entirely. Is there a technical reason to even bother hinting the browser at which transports to accept? If omitted, the browser should offer all transport types available to the user. It appears in trying to make things easier for users by reducing transport types to only registered token types, it's causing more problems than its worth?
Hi, thank you for the report.
This is a request for the server repository. The twofactor_webauthn repository is hosting the code for using Webauthn devices as second factors, not the passwordless authentication.
