Gitea: FireFox U2F Dongle Not Detected

Created on 23 Oct 2018 · 19Comments · Source: go-gitea/gitea

Gitea version (or commit ref): 1.5.2
Git version: 2.11.0
Operating system: Debian Stretch
Database (use [x]):
- [ ] PostgreSQL
- [ ] MySQL
- [ ] MSSQL
- [x] SQLite3
Can you reproduce the bug at https://try.gitea.io:
- [ ] Yes (provide example URL)
- [ ] No
- [x] Not relevant
Log gist:

Description

When attempting to add a YubiKey with FireFox it reports that it is not supported. I have it enabled in about:config, security.webauth.u2f;true.

Screenshots

kinbug revieweconfirmed

Source

gudenau

All 19 comments

When do this alert appears? Instant, when you click on your key or after approx. 30 seconds?

Did you installed the drivers for your "YubiKey"?

jonasfranz on 23 Oct 2018

Sorry, was preoccupied.

The drivers are loaded, this is Linux and it works on GitHub. That message appears as soon as you hit the add button.

gudenau on 23 Oct 2018

I cannot reproduce it since I don't have the hardware you used. Could you please specify your browser version and hardware?

jonasfranz on 26 Oct 2018

Firefox v63.0 (64-bit)

YubiKey NEO and YubiKey 4 I think.

gudenau on 28 Oct 2018

Firefox 61+ uses WebAuthN, which is different from the U2F Javascript API that Chrome introduced. I haven't taken a look through Gitea's code, but that might be why it doesn't detect the security key - it uses the older (deprecated) API rather than the newer standardized one.

nogweii on 13 Nov 2018

Works for me with YubiKey 5 on both Firefox 63 and Chrome on Windows and Linux

lafriks on 13 Nov 2018

I can confirm it works on try.gitea.io as expected with Firefox and Fedora 29 here. (with security.webauth.u2f enabled obviously – as it has been said the new WebAuthn API is not yet supported by Gitea)

rugk on 27 Nov 2018

I am seeing the same error on Ubuntu 18.04 + Chrome 71.0.3578.98 .

u2f-chrome

tamalsaha on 13 Jan 2019

@tamalsaha Did you enable security.webauth.u2f in about:config in Firefox?

Otherwise it won't work, as gitea still uses the legacy u2f API, instead of WebAuthn.

rugk on 13 Jan 2019

👍1

I am using Chrome. I can use U2F with Google services from this same Chrome installation.

tamalsaha on 13 Jan 2019

Sorry, but this issue here is about Firefox. Better create a new issue then, if you encounter problems.

rugk on 13 Jan 2019

Thanks. I have filed #5720

tamalsaha on 13 Jan 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

stale[bot] on 14 Mar 2019

No bot, this is still an issue. And it will be. It's a bug, after all…

rugk on 14 Mar 2019

👍1

Just to report that I had the same issue when using Firefox Nightly 64.0a1 (2018-09-09) with a Yubikey NEO and enabeling security.webauth.u2f, as @rugk recommended, fixed it.

bricewge on 19 Mar 2019

👍1

@gudenau does it still not work ?
mine work fine ...

6543 on 24 Oct 2019

Confirmed that this is still an issue as pictured above on Firefox 70.0.1 on Manjaro Linux as well as latest Firefox developer addition on MacOS (latest Catalina). I have security.webauth.u2f set to true and use it on many other sites.

EDIT: Nevermind, it's an https issue (was over http)