Registration fails - either timed out or was not allowed

[jakubgs]

Steps to reproduce

1. Try to register YubiKey for WebAuthN
2. Click the button on YubiKey repeatedle
3. See error:

   The operation either timed out or was not allowed.
   See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
   

Expected behaviour

It works.

Actual behaviour

It doesn't work.

Server configuration

Operating system: Docker Image based on Debian
Web server: Apache
Database: Postgres 13.3
PHP version: 8.0.17
Version: 23.0.3
Updated from an older version or fresh install: Updated from 23.0.2 and others.
List of activated apps: https://gist.github.com/jakubgs/0c946ca8cf8336b49d3f696322326bb4
The content of config/config.php: https://gist.github.com/jakubgs/36fb4c86eed93ec3ed70274cae404b43

Client configuration

Browser: Firefox 97.0, Chromium 99.0.4844.74, Brave 1.36.116
Operating system: GNU/Linux

Logs

Web server error log

[24/Mar/2022:12:15:48 +0000] "POST /apps/twofactor_webauthn/settings/startregister HTTP/1.0" 200 1054 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36"

Server log (data/nextcloud.log)

{"reqId":"E4NGlzfoxyWTz8jGZq4k","level":0,"time":"2022-03-24T12:16:34+00:00","remoteAddr":"82.139.21.242","user":"admin","app":"encryption","method":"POST","url":"/apps/twofactor_webauthn/settings/startregister","message":"/appinfo/app.php is deprecated, use \\OCP\\AppFramework\\Bootstrap\\IBootstrap on the application class instead.","userAgent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36","version":"23.0.3.2"}

Browser log

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').
(anonymous) @ generated-google-u2f-api.js:534
load (async)
r.getIframePort_ @ generated-google-u2f-api.js:532
(anonymous) @ generated-google-u2f-api.js:206

AddDeviceDialog.vue:123 [twofactor_webauthn] Starting to add a new twofactor webauthn device
AddDeviceDialog.vue:157 [twofactor_webauthn] starting webauthn registration
AddDeviceDialog.vue:174 [twofactor_webauthn] register Error creating credentials DOMException: The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
(anonymous) @ AddDeviceDialog.vue:174
Promise.catch (async)
register @ AddDeviceDialog.vue:173
Promise.then (async)
start @ AddDeviceDialog.vue:128
Gt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
i._wrapper @ vue.runtime.esm.js:6961

AddDeviceDialog.vue:131 [twofactor_webauthn] NotAllowedError The operation either timed out or was not allowed. See: https://www.w3.org/TR/webauthn-2/#sctn-privacy-considerations-client.
(anonymous) @ AddDeviceDialog.vue:131
Promise.catch (async)
start @ AddDeviceDialog.vue:130
Gt @ vue.runtime.esm.js:1863
n @ vue.runtime.esm.js:2188
i._wrapper @ vue.runtime.esm.js:6961

[jakubgs]

I just managed to add my YubiKey as WebAuthN device from a different machine running the same OS and using Brave browser.
What's interesting is now I can also use it from my desktop and also remove and re-add YubiKey as WebAuthN from desktop.

This suggests that:

1. This is partially client-side issue, since the laptop worked
2. This is partially server-side issue, since the successful addition fixed it on a different machine

Thoughts?

[ricklahaye]

Did you solve this? Timeout here as well.

[jakubgs]

I haven't seen this issue in a while.

But honestly, we barely use NextCloud because it's kinda clunky.

[solracsf]

Failed here too on Brave (tested with a private tab too), successfully added FIDO2 key on Edge.

Brave console: