Giters

bitwarden / android

Bitwarden mobile apps (Password Manager and Authenticator) for Android.

Home Page:https://bitwarden.com

Repository from Github https://github.combitwarden/androidRepository from Github https://github.combitwarden/android

Cannot create passkeys

nordic-style opened this issue · comments

commented

Steps To Reproduce

  1. Go to any website that supports passkeys. For this bug i use "https://passkeys.io"
  2. Click on "Don't have an account?"
  3. Fill e-mail address
  4. Click on Continue
  5. Click on "Create a passkey"
  6. Make sure bitwarden is selected and click on "create"
  7. Click on "Save as new ..." in the bitwarden app
  8. Click on "save"
  9. Authenticate with BIO or Password
  10. You are redirected to the website which says "The request either timed out, was canceled ot the device is already registered. Please try again or try using another device."

Expected Result

Create a passkey in bitwarden that is linked to the website (in this case passkeys.io).

Actual Result

A passkey is created in bitwarden but is not linked with the website.

Screenshots or Videos

Image
Image

Additional Context

This is different from the report of #4331 so i created a new one.

Build Version

19622

What server are you connecting to?

EU

Self-host Server Version

No response

Environment Details

Google Pixel 9 Pro (Android 15) and Galaxy S23 (Android 14)with current Chrome Browser

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
commented

Thank you for your report! We've added this to our internal board for review.
ID: PM-17870

commented

Hi @nordic-style

I was able to replicate your issue but it seems to be isolated to passkeys.io. The passkey is successfully created in Bitwarden, and we provide the expected response to the calling application.

I suspect this is a bug in the webpage itself as I am able to create and use passkeys with other websites. For example, https://learnpasskeys.io, https://webauthn.io, https://passkeys-demo.appspot.com, and many other production sites.

I suggest reaching out to the author of that site and reporting the issue if you have not already done so.

If there are other sites or applications you are seeing issues with, feel free to provide details and we can try to identify if there's a common cause between them.

commented

Hi @SaintPatrck, thanks for the quick reply. It was late yesterday and I forgot some information in my ticket.

I originally found the problem on https://www.amazon.de/ where I can still reproduce the problem. After that I went to passkeys.io so you don't have to create a German Amazon account. With the firfox plugin both sites work fine. The Google password manager on Android also works without any problems. Could it be that there is a function that we are missing on both sites?

Best
Martin

commented

Thank you for the additional details. I'll do some testing with Amazon to see if anything stands out.

In the meantime, I've reached out to Hanko (owners of passkeys.io) and they are investigating on their end. I'll post updates as they're available.

commented

Thank you for reporting the problem @nordic-style and for the tip @SaintPatrck. We are investigating the issue and will get back to you as soon as we know what's going on.

commented

Hey @SaintPatrck,

I just looked into the problem and I can also reproduce it but I'm not sure why it occurs.

When creating a passkey with Bitwarden the browser always returns this error:
NotReadableError: An unknown error occurred while talking to the credential manager.

I used this statement to test:

navigator.credentials.create({publicKey: {challenge: Uint8Array.from("12345678901234567890".split('').map(letter => letter.charCodeAt(0))), user:{id: Uint8Array.from("12345678901234567890".split('').map(letter => letter.charCodeAt(0))), name: "testname", displayName: "testName"}, pubKeyCredParams:[{type:"public-key", alg: -7},{type:"public-key", alg: -257}], rp:{name:"passkeys.io", id:"passkeys.io"}, authenticatorSelection: {residentKey: "required", requireResidentKey: true, userVerification: "required"}, attestation: "direct"}})

I also changed some options (e.g. attestation, authenticatorSelection) but still got the same error.

commented

I have the same issue when creating passkeys on Android 15 (Pixel 6) with accounts on Amazon and Google. Cannot link the passkey to accounts. Bitwarden creates the passkey successfully but the accounts error out and cannot use the passkey.

commented

I am also experiencing the same issue. On Bitwarden for Android devices, a Passkey is created on the Bitwarden side, but an error occurs. The Passkey is not registered on the website, and I cannot log in.

  • device:
    • Xiaomi 13t pro
  • OS:
    • HyperOS 2.0.2.0 (Android 15 AP3A.240617.008)