Skip to content

FIDO2 GitHub -> PassKeys

"Passkey registration failed" on Firefox

Using a new FIDO key?

If will receive this error cause Firefox doesn't support setting up the PIN for a hardware key. You can set it up using ykman like so:

ykman fido access change-pin

and try again

More discussion here:

Multiple accounts on a single FIDO2 device

You can have multiple accounts on a single FIDO2 device!

The GitHub sends a FIDO2 challenge with an empty allowCredentials argument

    "publicKey": {
        "challenge": x,
        "timeout": 60000,
        "rpId": "",
        "allowCredentials": [],
        "userVerification": "required"

I got the above following Monkey patching

See the webauthn2 spec for more info:

The Relying Party invokes navigator.credentials.get() with an empty allowCredentials argument. This means that the Relying Party does not necessarily need to first identify the user. As a consequence, a discoverable credential capable authenticator can generate an assertion signature for a discoverable credential given only an RP ID, which in turn necessitates that the public key credential source is stored in the authenticator or client platform.