-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Passwordless WebAuthn with Nitrokey 3 does not work #34476
Comments
Please try updating your Nitrokey 3. |
Thanks, as soon as this bug https://github.com/Nitrokey/pynitrokey/issues/272 is fixed I will try this! |
Checked the firmware version with an linux-livecd, it's already the latest version 1.2.2 for the nitrokey 3. |
I cannot reproduce this issue with a Nitrokey 3 CN running firmware version 1.2.0 on cloud.nitrokey.com. For me, all steps (registration, passwordless login, 2FA) work. |
The Edit: when decoded, it takes only 196 bytes (compare with |
The nextcloud security scanner says cloud.nitrokey.com uses Nextcloud 23.0.9.1, I use Nextcloud 24.0.6.1. Used this as an dirty "bugfix": |
|
I have the same problem when attempting to register a Nitrokey 3A Mini. I'm using v1.2.2 of the firmware and Nextcloud 25. Other websites work just fine.
|
There is a comment by @tbpoetke on the Two-Factor WebAuthn repository that may provide insight to fixing this issue:
|
same error here with nitrokey 3A mini. latest 1.3.1 firmware, and tested on nc25 and nc24 one more precision to give :
|
This comment was marked as resolved.
This comment was marked as resolved.
Error still exists in 26.0.2. Tested with FF 113.0.2 and Chrome 114. |
Seeing this issue with Nitrokey 3C and current firmware 1.4.0 on managed Nextcloud instance |
Nextcloud 27.0.0 and the error still exists. |
until public_key_credential_id field length remains 255 long as per the initial field creation in this migration, this error will still exist,... |
So the workaround is to set field to 512. |
Just 300 is enough, as per #34476 (comment). |
Can confirm. Same issue when using Solokeys and NC 26.0.5. |
Hi @szaimen @ChristophWurst is the possible fix from PR #36769 only blocked because of #36769 (comment) ? |
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> [skip ci]
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> [skip ci]
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves #34476 There is no maximum length defined in the standard, most common the length is between 128 and 200 characters, but as we store it not in plain data but base64 encoded the length can grow about 1/3. We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64. So to be save we increase the size to 512 bytes. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Bug description
Tried to setup password-less webauthn with a new Nitrokey 3 results in an exception:
OC\DB\Exceptions\DbalException: An exception occurred while executing a query: SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column 'public_key_credential_id' at row 1
Steps to reproduce
Expected behavior
Nextcloud would add the new webauthn device or shows a error message at least.
Installation method
Community Docker image
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.0
Web server
Apache (supported)
Database engine version
MariaDB
Is this bug present after an update or on a fresh install?
Updated to a major version (ex. 22.2.3 to 23.0.1)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
Configuration report
List of activated Apps
Nextcloud Signing status
Nextcloud Logs
Additional info
Client: Windows 11 22H2, Firefox 105
The text was updated successfully, but these errors were encountered: