Is WebAuthn authentication with NC26 (v26.0.7) together with an Android v11 mobile phone possible?
I tried to add my device - but no success.
I open the Internet browser (Firefox or Chrome - same behavior in both) on my Android device, log in (normal user / password), go to personal information/security, and click on “add WebAuthn device”.
Then a dialog opens saying “choose device” and shows me three options: NFC-key, USB-key and “this device”
But when I click on “this device” nothing happens - it stays at that dialog without any reaction.
NC logging also shows nothing…
Am I doing something wrong or is it not possible?
I thought Android would support passkey authentication since v9 and NC since v17?
NC 27 and before support WebAuthn (FIDO2 non-resident / non-discoverable Keys). That is, the Nextcloud Server saves a secret the Security Device (like a Yubikey) provides. The Yubikey itself does not save anything about the Website. The Website always needs at least the Username and Security Device for Login.
Nextcloud currently doesn’t support what Google made known as Passkey (FIDO2 resident / discoverable Keys). Here the Security Device saves a user-specific Secret from the Server, which it presents when you try to login. In this case you only need the Security Device to Login.
It’s more complicated than that but that’s my relatively short explanation. It would be great if Nextcloud supports Passkeys natively in NC 28 or 29 but I’ve yet to see something like that announced.
That is why under Personal Settings > Security > Authentication without Password it says “Add Webauthn-Device” and not “Add Passkey”. Maybe the “this Device” Option in the Android Security Key Auth-Feature only allows Passkey and not Webauthn.
Also, using the current “Authentication without Password” via WebAuthn doesn’t allow you to disable normal Login via Password. Because of this it would be unwise to disable your 2FA Options. However, now you can either Login with Username + Password + 2FA (TOTP / Notification / WebAuthn) or Username + WebAuthn + 2FA (TOTP / Notification / WebAuthn). It does eliminate Password use (not the ability to use) but seems kind of like an insane implementation of it.
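Added example, not part of the thread and not Nextcloud's code: a toy relying-party model of the distinction drawn in the post above, showing why a non-discoverable credential needs the username (the server must name the credential ID in `allowCredentials`) while a discoverable one can log in with the device alone. The function names, the in-memory store and the sample user `alice` are hypothetical.

```javascript
// Added illustration, not Nextcloud's code: credential lookup only, no signatures or challenges.
const users = new Map(); // constructed sample store: username -> { userHandle, credentialIds }

// residentKey "required": the authenticator stores credential and user handle itself.
// residentKey "discouraged": the server must later name the credential ID.
function register(authn, username, credentialId, discoverable) {
  const user = users.get(username);
  authn.known.push(credentialId);
  if (discoverable) authn.resident.push({ id: credentialId, userHandle: user.userHandle });
  user.credentialIds.push(credentialId);
  return { authenticatorSelection: { residentKey: discoverable ? "required" : "discouraged" } };
}

// Server: request for navigator.credentials.get(). No username means an empty allow list.
function loginOptions(username) {
  if (username === undefined) return { allowCredentials: [] };
  const user = users.get(username);
  if (!user) throw new Error("unknown user");
  return { allowCredentials: user.credentialIds.map((id) => ({ type: "public-key", id })) };
}

// Toy authenticator: answers only for credentials it can locate.
function authenticate(authn, options) {
  if (options.allowCredentials.length > 0) {
    const hit = options.allowCredentials.find((c) => authn.known.includes(c.id));
    return hit ? { id: hit.id, userHandle: null } : null;
  }
  const stored = authn.resident[0]; // empty allow list: only on-device credentials qualify
  return stored ? { id: stored.id, userHandle: stored.userHandle } : null;
}

// Server: map an assertion back to an account.
function resolveUser(assertion, username) {
  if (!assertion) return null;
  for (const [name, u] of users) {
    if (!u.credentialIds.includes(assertion.id)) continue;
    if (username !== undefined ? name === username : assertion.userHandle === u.userHandle) return name;
  }
  return null;
}
const login = (authn, username) => resolveUser(authenticate(authn, loginOptions(username)), username);

// Constructed sample data: one roaming security key, one passkey-capable device.
users.set("alice", { userHandle: "uh-alice", credentialIds: [] });
const securityKey = { known: [], resident: [] };
const passkeyDevice = { known: [], resident: [] };
register(securityKey, "alice", "cred-key-1", false);
register(passkeyDevice, "alice", "cred-pk-1", true);
```

Calling `login(securityKey)` without a username returns `null`, while `login(passkeyDevice)` resolves the account from the returned user handle.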
I am very confused, as when initiating the adding of a passkey as a second factor or as a login device, in both cases I could add them when initiating the process on my Android phone’s browser, but the process times out when trying to add it from my browser?
Passkeys are great, but each website uses them completely differently, sometimes I can make it work, sometimes not, confusing as hell.
I tried it in Windows 10 with Firefox browser.
I installed KeePassXC and the corresponding browser extension.
And now? How do I enable the PassKey authentication for Nextcloud (v28.0.10) / Firefox (v128.3.0esr) / KeePassXC (2.7.9)?
EDIT: it now works with my NC instance (but not with this support forum - but that’s a second thing)
These are the steps I did:
1.) enable PassKey support in KeePass browser extension (it’s an option in the “general options” which was not set after installation)
2.) connect KeePass browser extension with the KeePassXC program - this is also in the browser extension’s options - under “connected databases” press “connect” when the KeePass program is running. Then I gave it a name and allowed it to connect
3.) I added a passkey to your NC instance.
For that I logged in to my NC user with normal user/password authentication. Then I opened the “personal settings/security” page and pressed “Add WebAuthn device” (of course with the KeePassXC Windows program running).
Then a KeePassXC dialog opens where I could store the passkey and in the browser / NC I could also set a name for that device.
After logging off again I was able to “login with a device” in NC - really nice!
I’m still getting a notification that something is not right with the encryption key when logging in this way so I stick to the username/password combination. Hopefully that gets worked out soon. Could be some of the extensions.