Invalid user.id length for passkeys handlers #70412
Comments
Assigning to @getsentry/support for routing ⏲️
Routing to @getsentry/product-owners-settings-auth for triage ⏲️
We're looking into this. Thanks for the detailed bug report!
I'm able to recreate this using the Bitwarden Browser Extension 2024.4.2 and Chrome 124.0.6367.156. I don't receive a prompt from Bitwarden to set up a passkey. Is this what you're experiencing? Could you share your extension and browser versions? Interestingly, I cannot recreate this using 1Password. It successfully prompts to create a new passkey and registers it fine.
@mdtro Good to know! The prompt is not shown because of the error reported by Bitwarden's background script.
@mdtro After further investigation, it appears that the
@LeoColomb Good catch! Our backend API returns this in a JSON response to a GET on
{
  ...
  "challenge": {
    "webAuthnRegisterData": "<encoded data>"
  }
}
@leedongwei I'm not great with the frontend code. Is it possible we are decoding this incorrectly and putting the wrong values in
Environment
SaaS (https://sentry.io/)
Steps to Reproduce
Expected Result
All the enrollment to run without issues and the key challenge to be accepted.
The user.id standard to be respected
Actual Result
The interface shows an error.
The passkeys manager receives an incorrect user.id length.
The password manager logs an error.
Ref: bitwarden/clients#8756
I tried to dig into where the wrong length was created, but it seems to be generated the correct way:
sentry/src/sentry/auth/authenticators/u2f.py
Line 111 in 9d20448
Some ideas:
user.id
Product Area
Settings - Auth
Link
https://sentry.io/settings/account/security/mfa/u2f/enroll/
DSN
No response
Version
No response
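Added example, not part of the original issue and not Sentry's or Bitwarden's code: a check that `user.id` in the options handed to `navigator.credentials.create()` is a BufferSource of 1 to 64 bytes, as WebAuthn requires. The view-versus-backing-buffer case is a constructed illustration of how a decode step can change the length, not the confirmed cause in this issue; all function names are hypothetical.

```javascript
// WebAuthn: user.id (the user handle) must be a BufferSource of 1..64 bytes.
const MAX_USER_HANDLE_BYTES = 64;

// Byte length of a BufferSource, or null when the value is not one
// (for example a base64 string that was never decoded).
function bufferSourceLength(value) {
  if (value instanceof ArrayBuffer) return value.byteLength;
  if (ArrayBuffer.isView(value)) return value.byteLength; // typed arrays, DataView
  return null;
}

// Checks the user handle in PublicKeyCredentialCreationOptions-shaped input.
function checkUserHandle(publicKey) {
  const id = publicKey && publicKey.user ? publicKey.user.id : undefined;
  const length = bufferSourceLength(id);
  if (length === null) {
    return { ok: false, length: null, reason: "user.id is not a BufferSource" };
  }
  if (length < 1 || length > MAX_USER_HANDLE_BYTES) {
    return { ok: false, length, reason: "user.id must be 1..64 bytes" };
  }
  return { ok: true, length, reason: null };
}

// Constructed sample: a decoder that hands back a 16-byte view into a larger
// backing buffer, as helpers that slice a shared buffer can do.
function constructedDecodedHandle() {
  const backing = new ArrayBuffer(256);
  return new Uint8Array(backing, 32, 16);
}

const view = constructedDecodedHandle();
const samples = {
  view: checkUserHandle({ user: { id: view } }),                     // the view itself
  backingBuffer: checkUserHandle({ user: { id: view.buffer } }),     // whole backing buffer
  exactCopy: checkUserHandle({ user: { id: view.slice().buffer } }), // copied bytes only
  undecodedString: checkUserHandle({ user: { id: "MTIzNA" } }),      // never decoded
  empty: checkUserHandle({ user: { id: new Uint8Array(0) } }),
};

for (const [name, result] of Object.entries(samples)) {
  console.log(name, JSON.stringify(result));
}
```

Running the same check on the frontend just before the `create()` call, and logging the length, shows whether the value leaving the page already violates the limit or whether it changes later in the password manager.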