Trying to log in with passkey errors with 500 response #673

Open
wagnerand opened this issue Oct 18, 2024 · 1 comment

Comments

@wagnerand

Steps to reproduce

  1. Add a passkey in Settings -> Security -> Passwordless Authentication
  2. Log out
  3. On the login page, click "Log in with a device"
  4. Enter username and click "Log in"
  5. Confirm the passkey prompt

Expected behaviour

Successful login

Actual behaviour

Nothing user-visible happens, not even an error.

The POST request to index.php/login/webauthn/finish responds with a 500 - Internal Server Error

Server configuration

Operating system: Unknown - Shared hosting

Web server: Unknown - Shared hosting

Database: MySQL

PHP version: 8.3

Version: 30.0.01

Updated from an older version or fresh install: Updated

List of activated apps:

If you have access to your command line run e.g.:
sudo -u www-data php occ app:list
from within your server installation folder

The content of config/config.php:

If you have access to your command line run e.g.:
sudo -u www-data php occ config:list system
from within your Nextcloud installation folder

or

Insert your config.php content here
Make sure to remove all sensitive content such as passwords. (e.g. database password, passwordsalt, secret, smtp password, …)

Client configuration

Browser: Firefox 132

Operating system: macOS

Logs

Web server error log
Insert your webserver log here
Server log (data/nextcloud.log)
{
  "reqId": "iCox11cLWx7avl0BqLNH",
  "level": 3,
  "time": "2024-10-18T22:25:54+00:00",
  "remoteAddr": "...",
  "user": "--",
  "app": "no app in context",
  "method": "POST",
  "url": "/index.php/login/webauthn/finish",
  "message": "An error occurred",
  "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:132.0) Gecko/20100101 Firefox/132.0",
  "version": "30.0.1.2",
  "exception": {
    "Exception": "Webauthn\\Exception\\InvalidUserHandleException",
    "Message": "Invalid user handle",
    "Code": 0,
    "Trace": [
      {
        "file": "/nextcloud/apps/twofactor_webauthn/vendor/web-auth/webauthn-lib/src/CeremonyStep/CheckUserHandle.php",
        "line": 31,
        "function": "create",
        "class": "Webauthn\\Exception\\InvalidUserHandleException",
        "type": "::",
        "args": ["*** sensitive parameters replaced ***"]
      },
      {
        "file": "/nextcloud/apps/twofactor_webauthn/vendor/web-auth/webauthn-lib/src/CeremonyStep/CeremonyStepManager.php",
        "line": 31,
        "function": "process",
        "class": "Webauthn\\CeremonyStep\\CheckUserHandle",
        "type": "->"
      },
      {
        "file": "/nextcloud/apps/twofactor_webauthn/vendor/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php",
        "line": 190,
        "function": "process",
        "class": "Webauthn\\CeremonyStep\\CeremonyStepManager",
        "type": "->"
      },
      {
        "file": "/nextcloud/lib/private/Authentication/WebAuthn/Manager.php",
        "line": 222,
        "function": "check",
        "class": "Webauthn\\AuthenticatorAssertionResponseValidator",
        "type": "->"
      },
      {
        "file": "/nextcloud/core/Controller/WebAuthnController.php",
        "line": 79,
        "function": "finishAuthentication",
        "class": "OC\\Authentication\\WebAuthn\\Manager",
        "type": "->"
      },
      {
        "file": "/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 208,
        "function": "finishAuthentication",
        "class": "OC\\Core\\Controller\\WebAuthnController",
        "type": "->"
      },
      {
        "file": "/nextcloud/lib/private/AppFramework/Http/Dispatcher.php",
        "line": 114,
        "function": "executeController",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/nextcloud/lib/private/AppFramework/App.php",
        "line": 161,
        "function": "dispatch",
        "class": "OC\\AppFramework\\Http\\Dispatcher",
        "type": "->"
      },
      {
        "file": "/nextcloud/lib/private/Route/Router.php",
        "line": 302,
        "function": "main",
        "class": "OC\\AppFramework\\App",
        "type": "::"
      },
      {
        "file": "/nextcloud/lib/base.php",
        "line": 1001,
        "function": "match",
        "class": "OC\\Route\\Router",
        "type": "->"
      },
      {
        "file": "/nextcloud/index.php",
        "line": 24,
        "function": "handleRequest",
        "class": "OC",
        "type": "::"
      }
    ],
    "File": "/nextcloud/apps/twofactor_webauthn/vendor/web-auth/webauthn-lib/src/Exception/InvalidUserHandleException.php",
    "Line": 13,
    "message": "An error occurred",
    "exception": {},
    "CustomMessage": "An error occurred"
  }
}
Browser log
Insert your browser log here, this could for example include:

a) The javascript console log
b) The network log
@wagnerand wagnerand changed the title Trying to log in with passkey errors with 500 error Trying to log in with passkey errors with 500 response Oct 18, 2024
@wagnerand

wagnerand commented Oct 19, 2024

twofactor_webauthn/vendor/web-auth/webauthn-lib/src/CeremonyStep/CheckUserHandle.php#31 (origin) is

$credentialUserHandle === $responseUserHandle || throw InvalidUserHandleException::create();

In my case, $credentialUserHandle was the (correct) plain text username, and $responseUserHandle was the base64-encoded username.
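
The mismatch described in the comment above, as an added example that is not part of the original issue and is neither Nextcloud nor webauthn-lib code. The helpers `b64urlDecode()` and `classifyUserHandle()` and the username `alice` are assumptions made for illustration; the script reports at which encoding layer a stored user handle and a response user handle agree.

```php
<?php
declare(strict_types=1);

// Added illustration only; b64urlDecode() and classifyUserHandle() are
// hypothetical helpers, not functions from Nextcloud or webauthn-lib.

/** Decode standard or URL-safe base64, padded or not; null if invalid. */
function b64urlDecode(string $value): ?string
{
    $std = strtr(rtrim($value, '='), '-_', '+/');
    $std .= str_repeat('=', (4 - strlen($std) % 4) % 4);
    $raw = base64_decode($std, true);
    return $raw === false ? null : $raw;
}

/** Report at which encoding layer two user handles agree, if any. */
function classifyUserHandle(string $stored, string $received): string
{
    // Same strict comparison as the check quoted in the comment above.
    if ($stored === $received) {
        return 'match';
    }
    if (b64urlDecode($received) === $stored) {
        return 'response handle is base64 of the stored handle';
    }
    if (b64urlDecode($stored) === $received) {
        return 'stored handle is base64 of the response handle';
    }
    return 'different handles';
}

// Constructed sample values: "alice" stands in for the real username.
$stored = 'alice';
$cases = [
    'same bytes'      => 'alice',
    'base64 (padded)' => base64_encode('alice'),
    'base64url'       => rtrim(strtr(base64_encode('alice'), '+/', '-_'), '='),
    'other user'      => 'bob',
];

foreach ($cases as $label => $received) {
    printf("%-16s %-10s => %s\n", $label, $received, classifyUserHandle($stored, $received));
}
```

A diagnostic like this only shows which side carries the extra encoding layer. The comparison itself should stay an exact match, with the handle decoded once at the point where the response is parsed.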
