ipad ios 17, can not log in with yubikey, #2745

Nephilimi opened this issue Sep 5, 2023 · 16 comments

@Nephilimi

Steps To Reproduce

I've used bitwarden on ios 17 on ipad for a number of weeks now, but the 2FA challenge was originally done on ios 16. Today I tried to log into my work vault and ran into this problem below, which failed. Somehow failing to log into my work account logged me out of my personal account (is that a feature or another bug?).

Now I'm logged out of my personal account with the same problem as below. For the record my yubikey is set up as webauthn and regular yubikey on both of these accounts but I'm forced to webauthn here.

There's about three bugs in this report but the huge one is I can't get into either of my vaults.

Where are we on ios/ipados 17 support?

  1. Initially app retained my personal account email, logging in on bitwarden.com
  2. master password entry screen.
  3. FIDO2 WebAuthn challenge screen. ***** NOTE how you can't see the blue "Authenticate WebAuthn" button on this screen, it took me a while to learn this little screen needs to be scrolled DOWN*****
  4. Then I get what appears to be an iOS Sign In screen.
  5. It does not matter what option I choose here, both of them proceed to settings.app in the Password Options section. What am I to do here??
  6. If I then click the top left link back to Bitwarden I'm presented with message "Please make sure your default browser supports WebAuthn and try again".
  7. Close that error message and I'm left with a completely blank window with the bitwarden logo. ****** NOTE nothing I can do here, you are forced to close the app and swipe it out of memory to start over.

Note; I'm beta testing Vivaldi but changing default browser back to Safari and doing this over again does not change anything here, you still go to settings.

Expected Result

Successful 2FA challenge

sub issues;

  1. blue "Authenticate WebAuthn" button must be visible without scrolling.
  2. If 2FA challenge process fails put something on the screen so the user can start over without force quitting the app.

Actual Result

Settings screen opens instead of initiating 2FA challenge, which I guess requires a browser?

Screenshots or Videos

1 challenge, what do I do here?
2 have to scroll to see button
3 choose how to sign in. Choose either one, both of them lead to the settings app??
4 why did settings open?
5 error occurred
6 completely blank useless screen can't do anything. Have to force quit and start over.

Additional Context

No response

Operating System

iOS

Operating System Version

17 public beta 21A5326a

Device

ipad pro M1

Build Version

Whatever is current in app store, I can't get in to see this...

Beta

  • Using a pre-release version of the application.
@Nephilimi Nephilimi added the bug label Sep 5, 2023
@Nephilimi
Author

I was able to finally get back into my personal account but I can't get into my work account still. I am not able to use this workaround to get into my other account because #2 below just results in the "autofill enabled" splash screen.

  1. Above same process but when you get to the settings app uncheck Bitwarden in the "use passcodes and passkeys from" section
  2. Recheck Bitwarden in that same section. Because you have nothing logged in, it brings you back to the login process.
  3. I was again prompted for webauthn popup BUT this time there was a three dot menu item in the top right of the pop up window, tapping that led me to "use other 2FA methods", and selecting that I was FINALLY able to use yubikey.
  4. That brought me to the yubikey prompt, and this is where I'm about to lose it because this window is asking me to do NFC which I'm reasonably certain the ipad doesn't have. BUT because THAT bug was reported (not fixed) years ago I know there is a hidden/invisible text entry window on this screen, shown in the picture below today still broken. So now I tap this invisible text entry section, plug in my USB-C yubikey and I'm able to complete authentication.

Super secret and well hidden text entry section you have to find to get this working on ipad.
Reference issues;

@kevinfengcu

Try inserting the key and touching the button when you see the iPadOS system prompt (i.e. step 3), ignoring both options.
This looks like an iPadOS bug/intended process change as it happens with other WebAuthn login.

@Nephilimi
Author

> Try inserting the key and touching the button when you see the iPadOS system prompt (i.e. step 3), ignoring both options. This looks like an iPadOS bug/intended process change as it happens with other WebAuthn login.

Thank You, that was the answer! I never would have figured that out just fumbling around and following directions.

So this is really a bug under iOS 17 I should be reporting to Apple? Bitwarden has no control over that dialog right?

What about not being able to select an alternate 2FA method like I was able to do in my workaround?

It certainly appears that bitwarden app has control of the blue authenticate button not being visible, file as separate bug?

@Nephilimi
Author

iOS beta feedback filed. FB13129207 (Webauthn challenge does not tell user to use security key now, leads to security settings.)

@Greenderella
Member

Hi there,

I have escalated this report for further investigation. If you have more information that can help us, please add it below.

Thanks!

@Nephilimi
Author

> Hi there,
>
> I have escalated this report for further investigation. If you have more information that can help us, please add it below.
>
> Thanks!

Thank you. To clarify we have four things I think need to be addressed here.

  • screenshot 1; shrink picture so Authenticate WebAuthn button is visible in system dialog box
  • screenshot 2; Is it possible to ask for / trigger alternate methods here, like yubikey?
  • Screenshot 3; I don't know what you can do about the system dialog shown here. I filed a beta bug report to apple but your group could probably get more attention than I can.
  • Follow up post screenshot; Change instructions to include what to do for devices that do not have NFC, and figure out some way to call out the text entry field so you can use yubikey. Multiple referenced issues linked in that post on this item.

@allddd

allddd commented Sep 23, 2023

I'm having the same problem on an iPhone 14 Pro (iOS 17.0.1) using 2023.9.1.
Since I can't plug in my key and have to use NFC instead, the workaround is to place the key on the back of the phone when the iOS prompt appears, without pressing anything on the screen.
The prompt then disappears and authentication is successful.

@ayancey

ayancey commented Oct 6, 2023

This is really frustrating. It affects other products that use webauthn as well.

@Nephilimi
Author

> This is really frustrating. It affects other products that use webauthn as well.

It does. All I can suggest is to temporarily turn on public beta in settings, that gets you access to the feedback app. Do a little writeup in feedback and submit it. Then you may turn off public beta so as to not actually upgrade to the beta. I've also sent this to apple on twitter, no response. There's also a feedback page for apple somewhere I haven't done yet.

@ayancey

ayancey commented Oct 6, 2023

> > This is really frustrating. It affects other products that use webauthn as well.
>
> It does. All I can suggest is to temporarily turn on public beta in settings, that gets you access to the feedback app. Do a little writeup in feedback and submit it. Then you may turn off public beta so as to not actually upgrade to the beta. I've also sent this to apple on twitter, no response. There's also a feedback page for apple somewhere I haven't done yet.

I am not on any beta. I am on iOS 17.0.3.

@lucianken

Thank god this thread solved my issue in a different product/flow using yubikey. This is Apple's fault, I confirm the workaround works:

Place the yubikey behind the phone when the iOS prompt appears without touching anything.

@Nephilimi
Author

If this page helped you please let apple know about it; https://www.apple.com/feedback/iphone/

@ajaxbits

ajaxbits commented Nov 9, 2023

Issue persists. The below did not fix for me:

> Place the yubikey behind the phone when the iOS prompt appears without touching anything.

@luuqh

luuqh commented Nov 10, 2023

> Issue persists. The below did not fix for me:
>
> > Place the yubikey behind the phone when the iOS prompt appears without touching anything.

Same here with my iPhone 12P + iOS17 (all versions including 17.1.1) and Yubikey 5 (USB-C and USB-A) :(

@Nephilimi
Author

In response to the recent posts this doesn't work; I just logged out of both of my devices and was able to get back in with WebAuthn on both no issues. You still need to hit the big blue Authenticate with WebAuthn button. The prompt after that one is the one you ignore. This of course assumes that you have your Bitwarden account set up to use WebAuthn 2FA in the first place.

Bitwarden on ipad via WebAuthn via USB on iOS beta 17.2, still works fine.
Bitwarden on iphone via WebAuthn via NFC on iOS 17.1.1, still works fine.

If you have Bitwarden 2FA set up to use Yubikey specifically, that is a slightly different procedure using the hidden text entry field. I believe the problem there is getting ios to switch over to alternate methods.

@ajaxbits

Sorry, should have specified @Nephilimi.

I am using WebAuthn via NFC.

However, after an uninstall-reinstall, this strategy seems to work:

> Place the yubikey behind the phone when the iOS prompt appears without touching anything.
