element-hq / element-ios

A glossy Matrix collaboration client for iOS

Home Page: https://element.io

Forcing another session to log out does not support WebAuthn

cendyne opened this issue

Steps to reproduce

Where are you starting? What can you see?

User Settings -> Security -> My Sessions -> Tap on a session -> Tap on "Sign out this session"

Then, by coincidence, it requires me to re-authenticate with my social identity provider, in this case GitHub.

GitHub then requires me to use my security key, because I use 2FA with GitHub.

I tap the use security key button in the web page.
It says "authentication failed", despite using it earlier to sign into this device.


Other notes:

I have experienced this with the Cisco AnyConnect app. We had to change our configuration so the iOS app uses a slightly different web view technology.

Something about how SFSafariWebView

Apple Documentation: ASWebAuthenticationSession

Yubico: No reaction when using WebAuthn on macOS, iOS and iPadOS

Apple: Meet Face ID and Touch ID for the Web

Element has no control over what scripts run on a social login provider or how they run. This issue will likely only be resolved by switching the web view technology that comes up when tapping "Sign out this session".

Outcome

What did you expect?

I expect to be able to use my security key to authenticate with GitHub and then return to Element's UI to remove the session.

What happened instead?

I was blocked

Your phone model

iPhone 13 Pro Max

Operating system version

17.0.3

Application version

No response

Homeserver

No response

Will you send logs?

Yes

Rage shaking was not recognized during this flow. I am unable to submit logs with that method. Here's a screenshot at least.

Again, the issue is: The way Element iOS is creating this webview prevents successful use of WebAuthn security keys. This is not a case where my security key failed. I was never prompted to bring my security key to the device.