Page MenuHomePhabricator
Create Task
Maniphest T244347

Webauthn: key unknown (due to not using the same site)
Closed, InvalidPublic
Actions

Description

In the image below you can see that after registering a FIDO2-key I cannot login via private mode (I also cannot login on another pc). It still works to disable the key and remove 2fa. Login on Github and Google works fine with this key.

Webauthn failed.png (659×1 px, 40 KB)

Event Timeline

Der_Keks created this task.Feb 5 2020, 12:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 5 2020, 12:16 PM
Aklapper added a comment.Feb 5 2020, 12:27 PM

Can you please provide a clear and complete list of steps that allow someone else to reproduce the problem without having to interpret anything, step by step? Also see https://www.mediawiki.org/wiki/How_to_report_a_bug - thanks.

Der_Keks closed this task as Resolved.Feb 5 2020, 12:41 PM
Der_Keks claimed this task.

After iterating trough the process multiple times I realized that Webauthn doesn't work crosswiki. It work's only in the same wiki I registered the key.

Do you really wanted me to copy&paste the setup-steps described in https://meta.wikimedia.org/wiki/Special:Manage_Two-factor_authentication???

Der_Keks removed Der_Keks as the assignee of this task.Feb 5 2020, 12:41 PM
Aklapper changed the task status from Resolved to Invalid.Feb 5 2020, 4:58 PM
In T244347#5851914, @Der_Keks wrote:

Do you really wanted me to copy&paste the setup-steps described in https://meta.wikimedia.org/wiki/Special:Manage_Two-factor_authentication???

@Der_Keks: No, I am not "really" asking you to copy and paste content. I asked you to follow https://www.mediawiki.org/wiki/How_to_report_a_bug and provide a clear list of steps to reproduce a problem, for example mentioning that you used https://meta.wikimedia.org/wiki/Special:Manage_Two-factor_authentication (?) though your screenshot implies that you are not on meta.wikimedia.org at all but maybe on de.wikipedia.org. Nobody knows, except for you, so everyone else has to guess.

Der_Keks added a comment.Feb 5 2020, 5:03 PM

Ok you're right, I thought it's the same backend architecture then TOTP. Will do it better next time :)

Aklapper renamed this task from Webauthn: key unknown to Webauthn: key unknown (due to not using the same site).Feb 15 2020, 4:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL