FIDO2 GitHub
https://github.com/settings/security -> PassKeys
"Passkey registration failed" on Firefox
Using a new FIDO key?
You will receive this error because Firefox doesn't support setting up the PIN for a hardware key. You can set the PIN using ykman
like so:
ykman fido access change-pin
and then try again.
More discussion here: https://github.com/orgs/community/discussions/67791
Multiple accounts on a single FIDO2 device
You can have multiple accounts on a single FIDO2 device!
GitHub sends a FIDO2 challenge with an empty allowCredentials
argument:
{
  "publicKey": {
    "challenge": x,
    "timeout": 60000,
    "rpId": "github.com",
    "allowCredentials": [],
    "userVerification": "required"
  }
}
I got the above following Monkey patching
See the webauthn2 spec for more info:
The Relying Party invokes navigator.credentials.get() with an empty allowCredentials argument. This means that the Relying Party does not necessarily need to first identify the user. As a consequence, a discoverable credential capable authenticator can generate an assertion signature for a discoverable credential given only an RP ID, which in turn necessitates that the public key credential source is stored in the authenticator or client platform.
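One way to capture and classify such a request yourself, as an added example that is not part of the original page: it wraps a credentials container's get() and records a summary that flags the empty allowCredentials (discoverable credential) case. The helper names describeRequest and wrapGet are hypothetical, and rendering the challenge as base64url is an assumption about how you want it displayed.

```javascript
// Added example: summarise a WebAuthn get() request like the JSON dump above.
// describeRequest and wrapGet are hypothetical helper names.

// Render an ArrayBuffer or typed array as base64url (assumed display format).
function toBase64Url(buf) {
  const bytes = buf instanceof ArrayBuffer
    ? new Uint8Array(buf)
    : new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength);
  let bin = "";
  for (const b of bytes) bin += String.fromCharCode(b);
  return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Turn the options passed to navigator.credentials.get() into a plain object.
function describeRequest(options) {
  const pk = options && options.publicKey;
  if (!pk) return { webauthn: false }; // e.g. a password or federated request
  const allow = pk.allowCredentials || [];
  return {
    webauthn: true,
    rpId: pk.rpId,
    challenge: toBase64Url(pk.challenge),
    timeout: pk.timeout,
    allowCredentials: allow.map((c) => ({ type: c.type, id: toBase64Url(c.id) })),
    // The WebAuthn default when the Relying Party omits this member.
    userVerification: pk.userVerification || "preferred",
    // Empty list: the authenticator must locate a discoverable credential
    // from the RP ID alone, which is what allows several accounts per key.
    discoverable: allow.length === 0,
  };
}

// Wrap container.get so each request is summarised before being passed on
// unchanged. Returns a function that restores the original method.
function wrapGet(container, sink) {
  const original = container.get;
  container.get = function (options) {
    sink(describeRequest(options));
    return original.call(container, options);
  };
  return () => { container.get = original; };
}
```

In a browser's DevTools console, `wrapGet(navigator.credentials, console.log)` run on the sign-in page before starting the passkey prompt prints the summary for your own session.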