The operation either timed out or was not allowed.
For some reason, I'm getting this error on login from navigator.credentials.create. This happens sometimes and for some accounts but not for others. Can you tell what is the reason/source of this error? Here's the code:
```php
try {
    // Relying party name, relying party ID (domain), accepted attestation formats
    $WebAuthn = new lbuchs\WebAuthn\WebAuthn('Project Name', 'ProjectDomain', ['none']);
    $createArgs = $WebAuthn->getCreateArgs($customer['id'], $email, $customer['name'], 120, 'required', 'required', null);
    $challenge = $WebAuthn->getChallenge();

    // Keep the challenge server-side so the registration response can be verified against it
    $_SESSION['login-challenge'] = [
        'challenge' => $challenge->getBinaryString(),
        'userId' => $customer['id'],
        'email' => $email
    ];

    echo json_encode([
        'actionRequired' => 'newDevice',
        'createArgs' => $createArgs
    ]);
} catch (Exception $e) {
    // json_encode escapes quotes and control characters in the message
    echo json_encode(['error' => $e->getMessage()]);
}
```
This response from PHP is provided to JS:
```js
if (pubKeyCredOpts.actionRequired == 'newDevice') {
    // Convert the base64-encoded fields of the server response into ArrayBuffers
    recursiveBase64StrToArrayBuffer(pubKeyCredOpts.createArgs);
    navigator.credentials.create(pubKeyCredOpts.createArgs).then(cred => {
        const publicKeyCredential = {
            transports: cred.response.getTransports ? cred.response.getTransports() : null,
            clientDataJSON: cred.response.clientDataJSON ? arrayBufferToBase64(cred.response.clientDataJSON) : null,
            attestationObject: cred.response.attestationObject ? arrayBufferToBase64(cred.response.attestationObject) : null
        };
        // step 4 request
        verifyCreds('NewDevice', publicKeyCredential);
    }).catch(err => {
        handleError(err); // <- This is executed showing the error
    });
}
```
A not allowed error could mean that the user has no device to register passkeys.
Does this mean that the biometric hardware on the device is unavailable for some reason?
I think on Windows it can happen when Windows Hello has not been set up and you don't have any other device (USB key, NFC, Bluetooth etc.)
I've mostly seen it on Android though. When I started field testing it, on some phones folks had the fingerprint set up to unlock the phone, but when registering on my website, they get this error.
For me it stopped working on Android.
It does not work with Samsung A41 Android 12 with Chrome 128 & Firefox 132.
The "new registration" does not work, it throws "The operation either timed out or was not allowed." at https://webauthn.lubu.ch/_test/client.html, but it does not work either on https://webauthn.io/, https://www.passkeys.io/, https://webauthn.me/ :disappointed:
update:
- it does not work with Android 12 but it works with Android 14.
- if this test page is a reference, it gives bad news for my device: https://featuredetect.passkeys.dev/
On Android 14 the registration is working but not the authentication.
Tested with Brave and Chrome.
Getting the same on Chrome on a Mac: the navigator.credentials.create step fails, even on https://webauthn.lubu.ch/_test/client.html. It is always "something went wrong the request timed out...
```js
catch (err) {
    reloadServerPreview();
    console.log("createRegistration() ERROR: ", err);
    window.alert(err.message || 'unknown error occured');
}
```
results in
createRegistration() ERROR: NotAllowedError: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
@lbuchs, this seems to be an ongoing "issue". Is it the same as mine?
If navigator.credentials.create() can't work, can this even work? Do we have any idea how to resolve so navigator.credentials.create() functions rather than time out 100% of the time?
It looks like virtual authenticator on Chrome lets create() run... but then other errors at least for me, hence the other issue opened. Those errors with challenge are not on the DEMO if virtual authenticator is enabled... but end users won't know to turn on this tool... so what is needed to make it "end user" friendly? as far as "authenticator"?
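Several replies above point to a missing or unusable authenticator as the cause of the `NotAllowedError`. The following is an added example, not code from this thread or from lbuchs/WebAuthn: a preflight that a page could run on the `publicKey` options before calling `navigator.credentials.create()`, plus a triage of the rejection by error name. The `env` wrapper, the function names and the finding labels are hypothetical, and the elapsed-time split of `NotAllowedError` is a heuristic assumption.

```javascript
// Added example. `env` is a hypothetical wrapper around browser globals so the
// same checks can run under Node with stubs. In a page, pass:
// { isSecureContext, hostname: location.hostname, PublicKeyCredential }
async function preflightCreate(env, publicKey) {
  const findings = [];
  if (!env.isSecureContext) findings.push('insecure-context');
  const PKC = env.PublicKeyCredential;
  if (!PKC) return findings.concat('webauthn-unsupported');

  // rp.id must equal the page's host or be a parent domain of it
  // (approximation: public-suffix rules are not checked here).
  const rpId = publicKey.rp && publicKey.rp.id;
  const host = env.hostname || '';
  if (rpId && host !== rpId && !host.endsWith('.' + rpId)) {
    findings.push('rp-id-mismatch');
  }

  // Is there a built-in authenticator able to verify the user (PIN, biometrics)?
  let platformUv = false;
  if (typeof PKC.isUserVerifyingPlatformAuthenticatorAvailable === 'function') {
    try { platformUv = await PKC.isUserVerifyingPlatformAuthenticatorAvailable(); } catch (_) {}
  }
  const sel = publicKey.authenticatorSelection || {};
  if (!platformUv) {
    findings.push(sel.authenticatorAttachment === 'platform'
      ? 'no-platform-authenticator'       // nothing on this device can satisfy the request
      : 'external-authenticator-needed'); // only a security key or another device can
  }
  return findings;
}

// NotAllowedError is deliberately vague; elapsed time is only a heuristic hint.
function triageCreateError(err, elapsedMs, timeoutMs) {
  switch (err && err.name) {
    case 'NotAllowedError':
      return elapsedMs >= timeoutMs ? 'timed-out' : 'cancelled-or-unavailable';
    case 'InvalidStateError': return 'already-registered';
    case 'SecurityError':     return 'rp-id-or-origin-rejected';
    case 'NotSupportedError': return 'no-supported-algorithm';
    case 'AbortError':        return 'aborted-by-page';
    default:                  return 'unknown';
  }
}
```

Logging the preflight findings next to the triage result gives a field report more to go on than the browser's single message.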