Fix webauthn registration failure on Firefox < 119 with Ed25519 keys

2025-04-03 12:25:31 +00:00 · 2023-11-15 15:58:32 +02:00 · 2023-11-15 15:58:32 +02:00 · 7c8dbec62e
commit 7c8dbec62e
parent 2a2c7d66ec
2 changed files with 14 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -14,6 +14,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
 - Fix "Ping Details" dialog to handle email bodies not yet uploaded to object storage
 - Fix webauthn registration failure on Firefox with Bitwarden extension
+- Fix webauthn registration failure on Firefox < 119 with Ed25519 keys

 ## v3.0.1 - 2023-10-30

--- a/static/js/add_credential.js
+++ b/static/js/add_credential.js
@ -9,6 +9,19 @@ $(function() {
        $("#success").addClass("hide");

        var options = JSON.parse($("#options").text());
+        // Override pubKeyCredParams prepared by python-fido2,
+        // to only list ES256 (-7) and RS256 (-257), **and omit Ed25519 (-8)**.
+        // This is to work around a bug in Firefox < 119. Affected
+        // Firefox versions serialize Ed25519 keys incorrectly,
+        // the workaround is to exclude Ed25519 from pubKeyCredParams.
+        //
+        // For reference, different project, similar issue:
+        // https://github.com/MasterKale/SimpleWebAuthn/issues/463
+        options.publicKey.pubKeyCredParams= [
+            {"alg": -7, "type": "public-key"},
+            {"alg": -257, "type": "public-key"}
+        ]
+
        webauthnJSON.create(options).then(function(response) {
            $("#response").val(JSON.stringify(response));
            // Show the success message and save button