Trustkey G310 registration doesn't work on Chrome

Open andreas-p opened this issue 3 years ago • 3 comments

This was tested with the latest Chrome 103 and Firefox 101 on NC24.0.2.

Registering the Trustkey with Chrome 103 for FIDO2 or 2FA doesn't work, because the public_key_credential_id fields in oc_twofactor_webauthn_registrations and oc_webauthn are only VARCHAR(255), while the string to be stored is 256 bytes long. After resizing the column in both tables, both FIDO2 and 2FA logins work from Firefox or Chrome.

andreas-p avatar Jun 29 '22 11:06 andreas-p

Hotfix for PostgreSQL:

ALTER TABLE oc_twofactor_webauthn_registrations ALTER COLUMN public_key_credential_id TYPE VARCHAR(256);
ALTER TABLE oc_webauthn ALTER COLUMN public_key_credential_id TYPE VARCHAR(256);

andreas-p avatar Jul 01 '22 08:07 andreas-p

Same for MySQL / MariaDB:

ALTER TABLE oc_twofactor_webauthn_registrations MODIFY public_key_credential_id VARCHAR(256);
ALTER TABLE oc_webauthn MODIFY public_key_credential_id VARCHAR(256);

skwee avatar Jul 01 '22 08:07 skwee

The standard does not mandate a maximum size for credential ids. We only tested this using Yubikeys and their keys always fitted inside the table column.

I guess we should increase the width of the column.

Ref https://www.w3.org/TR/webauthn/#credential-id

st3iny avatar Jul 05 '22 10:07 st3iny
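
A verification check for the hotfixes posted above, added here as an example and not part of the original thread or the project's code. The first query confirms the new column width in both tables; the second counts stored credential IDs that exactly fill the old 255-character width, which are worth reviewing on MySQL/MariaDB servers that ran without strict SQL mode, where an over-long value is truncated with a warning instead of rejected. Table and column names are taken from the issue; the result aliases are illustrative.

```sql
-- 1. Confirm the column width after the ALTER TABLE statements.
--    information_schema.columns exists on both PostgreSQL and MySQL/MariaDB.
--    table_schema is selected so that several Nextcloud databases on one
--    server can be told apart.
SELECT table_schema,
       table_name,
       column_name,
       data_type,
       character_maximum_length
FROM information_schema.columns
WHERE column_name = 'public_key_credential_id'
  AND table_name IN ('oc_twofactor_webauthn_registrations', 'oc_webauthn');

-- 2. Count credential IDs that are exactly as long as the old column limit.
--    A non-zero count does not prove truncation (an ID can legitimately be
--    255 characters), but a truncated ID never matches what the authenticator
--    presents at login, so those registrations should be re-enrolled if the
--    affected users cannot sign in with them.
SELECT 'oc_twofactor_webauthn_registrations' AS tbl,
       COUNT(*) AS ids_at_old_limit
FROM oc_twofactor_webauthn_registrations
WHERE CHAR_LENGTH(public_key_credential_id) = 255
UNION ALL
SELECT 'oc_webauthn',
       COUNT(*)
FROM oc_webauthn
WHERE CHAR_LENGTH(public_key_credential_id) = 255;
```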