Closed Bug 1852812 Opened 2 years ago Closed 2 years ago

Can't register nitrokey 3 security key on PyPi

Categories

(Core :: DOM: Web Authentication, defect, P1)

Product:
Core
Component:
DOM: Web Authentication
Version:
Firefox 117
Platform:
x86_64
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: fabien.michel, Assigned: jschanck)

References

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/117.0

Steps to reproduce:

  1. Login into my pypi.org account and go to 2FA configuration
  2. Try to add a nitrokey 3 mini or nitrokey 3a security USB key as 2FA mecanism

Actual results:

The website raise the following error: Unsupported credential public key type "OKP"

Expected results:

The key can be registered without any issue as it does with Chromium.

Notes:
0. It works with Chromium Version 117.0.5938.48 (Official Build) Arch Linux (64-bit). I haven't tested other browsers.

  1. After the key is registered from Chromium, I'm able to login using 2FA and the security key with Firefox.
  2. The security key works without problem with Firefox on Github, Google or Microsoft accounts.
  3. I've also filled a bug on PyPi: https://github.com/pypi/warehouse/issues/14520 and the PyPi team filled an issue on py_webauthn library (used by pypi to auth with security keys): https://github.com/duo-labs/py_webauthn/issues/175
OS: Unspecified → Linux
Hardware: Unspecified → x86_64

The Bugbug bot thinks this bug should belong to the 'Core::DOM: Web Authentication' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → DOM: Web Authentication
Product: Firefox → Core

This sounds like authenticator-rs #292. Can you try Firefox 118?

Depends on: 1850025
See Also: → https://github.com/mozilla/authenticator-rs/pull/292

Actually the earliest version that this might be fixed in is 119, not 118.

Assignee: nobody → jschanck
Severity: -- → S2
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
See Also: → https://github.com/mozilla/authenticator-rs/pull/309

With Firefox nightly 119, I now get the following error : Leftover bytes detected while parsing authenticator data

No longer depends on: 1850025
Depends on: 1853061

Thanks! We have a patch for that upstream and we'll merge it in the 119 cycle.

Depends on: 1853711

Could you try with the latest nightly?

I can't reproduce the problem with the latest nightly. Thanks for your responsiveness!

Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Duplicate of this bug: 1855261
You need to log in before you can comment on or make changes to this bug.