gitea: Could not read your security key
Gitea Version
1.16.0
Git Version
2.30.2
Operating System
openSUSE Leap 15.3
How are you running Gitea?
podman container using gitea/gitea:latest
Database
PostgreSQL
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Description
When logging in with my Yubikey, I get a “Could not read your security key” error (See screenshot). The Yubikey works with other services, and was working with gitea before.
I haven’t logged in in a while, so I’m not sure which version was the last where it was working.
Logging in via TOTP works fine. Removing the Yubikeys from my account and re-adding them solved the issue.
Screenshots

About this issue
- State: closed
- Created 2 years ago
- Reactions: 3
- Comments: 16 (9 by maintainers)
One possible issue is that the section for the `[U2F]` needs to be `[U2F]` not `[u2f]`; this is a mistake on my behalf and will be fixed in 1.16.2 and is fixed on 1.16-dev.
Setting the app_id correctly should work for previously registered u2f keys but if your root_url is not your real root URL you may have difficulties registering new keys.
Webauthn requires that the relying party knows its own endpoint. Now this could be taken from the request's requestURI, and perhaps in future once context passing is done we could do that, but at present Gitea expects the root URL to be right.
@grisu48 “An attempt was made to use an object that is not, or is no longer, usable” likely relates to the different format of the “relying party” ID that webauthn expects as compared to U2F.
You would need to set the `[u2f]` `APP_ID` to match the old APP_ID format that the security keys would work for. Gitea guesses this is the `ROOT_URL` but depending on your set-up this may not be correct. `TRUSTED_FACETS` are not supported in webauthn so if you were depending on these you will need to choose the most important one of these and set it as the `APP_ID`.
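
Why a wrong `APP_ID` leaves a previously registered key unreadable, as an added example (not Gitea's code): a U2F credential only answers for the SHA-256 of the exact AppID string it was registered under, while WebAuthn hashes the bare RP ID host name. All URLs are constructed, and the fallback of `ROOT_URL` without its trailing slash is an assumption about how the guess is made.

```python
import hashlib
from urllib.parse import urlsplit


def app_param(app_id: str) -> str:
    """U2F application parameter: SHA-256 over the exact AppID string."""
    return hashlib.sha256(app_id.encode("utf-8")).hexdigest()


def rp_id_hash(root_url: str) -> str:
    """WebAuthn rpIdHash: SHA-256 over the RP ID, taken here as the host of ROOT_URL."""
    return hashlib.sha256(urlsplit(root_url).hostname.encode("utf-8")).hexdigest()


def guessed_app_id(root_url: str) -> str:
    """Assumption: with no APP_ID set, the guess is ROOT_URL minus its trailing slash."""
    return root_url.rstrip("/")


def check_legacy_key(registered_app_id, root_url, configured_app_id=None):
    """Return (usable, reason) for a key that was originally registered over U2F."""
    effective = configured_app_id or guessed_app_id(root_url)
    # The authenticator compares hashes byte for byte; there is no URL normalisation.
    if app_param(effective) == app_param(registered_app_id):
        return True, "APP_ID hashes to the value bound to the key at registration"
    if effective.rstrip("/").lower() == registered_app_id.rstrip("/").lower():
        return False, "same origin, but not byte-identical (case or trailing slash)"
    return False, "different origin: set APP_ID to the value used at registration"


if __name__ == "__main__":
    registered = "https://git.example.com"   # constructed: AppID at registration time
    cases = [
        ("http://localhost:3000/", None),                        # ROOT_URL left at a container default
        ("http://localhost:3000/", "https://git.example.com"),   # APP_ID set explicitly
        ("https://git.example.com/", "https://git.example.com/"),  # trailing slash kept
    ]
    for root_url, app_id in cases:
        print(root_url, app_id, check_legacy_key(registered, root_url, app_id))
    # The WebAuthn RP ID hash never equals the old U2F hash, even for the same site.
    print(rp_id_hash("https://git.example.com/") == app_param(registered))
```
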