449562 – Missing or broken FIDO U2F support

Bug 449562 - Missing or broken FIDO U2F support

Summary: Missing or broken FIDO U2F support

Status:	REPORTED

Alias:	None

Product:	Falkon
Classification:	Applications
Component:	general (other bugs)
Version First Reported In:	3.2.0
Platform:	Arch Linux Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	David Rosca

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-02-03 15:55 UTC by Adam Jimerson
Modified:	2022-02-03 16:15 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Screenshot of Google login process while trying to use FIDO U2F key for 2 factor authentication (160.43 KB, image/png) 2022-02-03 15:55 UTC, Adam Jimerson	Details
Screenshot from GitHub trying to access FIDO U2F key (164.15 KB, image/png) 2022-02-03 15:57 UTC, Adam Jimerson	Details
GitHub FIDO U2F error (170.60 KB, image/png) 2022-02-03 15:58 UTC, Adam Jimerson	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Jimerson 2022-02-03 15:55:35 UTC

Created attachment 146227 [details]
Screenshot of Google login process while trying to use FIDO U2F key for 2 factor authentication

SUMMARY
Falkon cannot seem to access my FIDO U2F security key, which is a Yubikey Neo. Instead when I get to the point in the login process where it the browser should prompt me to insert my key and press the button the site just hangs waiting to see/access/recognize my key. Using other browsers I'm able to use my key just fine.

Example sites:

- Any Google service and any site that the user uses their Google account for OAuth (like gitlab.com, digialocean.com, etc).
- Github with a security key enabled on the user's account.


STEPS TO REPRODUCE
1. 
2. 
3. 

OBSERVED RESULT


EXPECTED RESULT


SOFTWARE/OS VERSIONS
Windows: 
macOS: 
Linux/KDE Plasma: 
(available in About System)
KDE Plasma Version: 
KDE Frameworks Version: 
Qt Version: 

ADDITIONAL INFORMATION

Comment 1 Adam Jimerson 2022-02-03 15:57:39 UTC

Created attachment 146228 [details]
Screenshot from GitHub trying to access FIDO U2F key

I was only able to upload one attachment when I created the ticket but for the case of GitHub it is a little different as there in actually errors out after an extended period of time.

Comment 2 Adam Jimerson 2022-02-03 15:58:20 UTC

Created attachment 146229 [details]
GitHub FIDO U2F error

Comment 3 Adam Jimerson 2022-02-03 16:15:38 UTC

Sorry just noticed I didn't fully complete the bug template, see below for the rest of the info:

STEPS TO REPRODUCE
1. Setup a hardware security key FIDO U2F, or some other common standard on an account in a site that supports it
2. Attempt to login to said site with Falkon
3. Fail to do so as not able to answer the 2 factor auth challenge, and in the case of Google switching to another method is not possible.

OBSERVED RESULT

Not able to complete second factor auth challenge on sites with a hardware security key enabled.


EXPECTED RESULT

Either the site realize that using the security key is not possible, allowing use of fallback methods, or ideally for FIDO U2F keys to work.

SOFTWARE/OS VERSIONS
Operating System: Arch Linux
KDE Plasma Version: 5.23.5
KDE Frameworks Version: 5.90.0
Qt Version: 5.15.2
Kernel Version: 5.16.5-arch1-1 (64-bit)
Graphics Platform: X11
Processors: 8 × Intel® Core™ i7-6820HQ CPU @ 2.70GHz
Memory: 31.2 GiB of RAM
Graphics Processor: Quadro M1000M/PCIe/SSE2

ADDITIONAL INFORMATION