Feature #22051
Enable passkey authentication
Status: closed
Description
Might be a workaround for https://redmine.gc.cuny.edu/issues/18032. I found this plug-in: https://wordpress.com/plugins/wp-webauthn
Related issues
Updated by Raymond Hoh about 1 month ago
- Status changed from New to Reporter Feedback
WebAuthn should already be supported with our current 2FA setup. In particular, we are using this plugin: https://wordpress.org/plugins/two-factor-provider-webauthn/.
If it isn't working, let us know.
Updated by Raffi Khatchadourian about 1 month ago
I saw an option for WebAuthn in the current plug-in. But when I tried to generate a passkey, I got some cryptic error. Have you been able to successfully use this?
Updated by Raffi Khatchadourian about 1 month ago
This is the error I get when I select "Register New Key:"
Cannot read properties of undefined (reading 'user')
Updated by Raymond Hoh about 1 month ago
Are you trying to add a new WebAuthn key through the admin dashboard at https://commons.gc.cuny.edu/wp-admin/profile.php or at https://commons.gc.cuny.edu/members/me/settings/ ?
The /wp-admin/profile.php page should work, but the /members/me/settings/ integration might be broken.
I do not have a passkey to test, but a member of our team does. Jeremy, can you test your WebAuthn key on both pages and see if there are any problems?
Updated by Raffi Khatchadourian about 1 month ago
Raymond Hoh wrote in #note-4:
> Are you trying to add a new WebAuthn key through the admin dashboard at https://commons.gc.cuny.edu/wp-admin/profile.php
No. I was trying to generate a key through https://khatchad.commons.gc.cuny.edu/wp-admin/profile.php. I tried now https://commons.gc.cuny.edu/wp-admin/profile.php as well. I get the same error.
This one doesn't have the option to add a security key.
> The /wp-admin/profile.php page should work, but the /members/me/settings/ integration might be broken.
> I do not have a passkey to test, but a member of our team does.
Doesn't the browser generate one?
Updated by Raymond Hoh about 1 month ago
> Cannot read properties of undefined (reading 'user')
I've duplicated this bug and have created an issue at the author's GitHub repo - https://github.com/sjinks/wp-two-factor-provider-webauthn/issues/999
> > or at https://commons.gc.cuny.edu/members/me/settings/ ?
> This one doesn't have the option to add a security key.
You have to select WebAuthn as a provider before the table shows up there. I did find a problem with our frontend integration on the /members/me/settings/ page with the user ID nonce not working correctly, but the main "Cannot read properties of undefined (reading 'user')" problem still occurs. Update: Pushed a fix for the user ID nonce in https://github.com/cuny-academic-commons/cac/commit/2cb6bda3be2f2927534c2cddadb6d162dc07203e and it is live on production.
> Doesn't the browser generate one?
I wasn't aware that the two-factor-provider-webauthn plugin worked without a security key, as the screenshots only show it working with a security key and we were activating this plugin to fix U2F security key compatibility, but thanks for making me aware of this.
Updated by Raymond Hoh about 1 month ago
- Status changed from Reporter Feedback to Testing Required
Okay Raffi, the WebAuthn 2FA option is ready to be tested. During the DB migration, we forgot to migrate two DB tables that the WebAuthn plugin depends on (see #22071). Boone just imported those tables over and I can confirm that the error mentioned above no longer shows up, so feel free to test WebAuthn support and let us know if it is working correctly. I'll do some testing too at a later date.
Updated by Raymond Hoh about 1 month ago
- Related to Bug #22071: wp_2fa_webauthn_users and wp_2fa_webauthn_credentials DB tables do not exist added
Updated by Raffi Khatchadourian about 1 month ago
It works! Thanks! I've set the passkey as the default option for 2FA.
Updated by Raymond Hoh about 1 month ago
- Category name set to Security
- Status changed from Testing Required to Resolved
- Target version set to 2.5.3
Glad it works! Thanks for testing the WebAuthn 2FA option, Raffi!