Can't login with security key 2fa

[kaibagley]

Describe the bug
Can't login to NC server through the app if using FIDO2 security token as 2fa

To Reproduce
Steps to reproduce the behavior:

1. Open app
2. Log into NC server

Expected behavior
Logs into server and authorises Les Pas to access photos

Smartphone (please complete the following information):

• Device: Google Pixel 7 Pro
• OS: GrapheneOS

When trying to log in, i get the message:
Your browser does not support WebAuthn.

Workaround is to just disable 2fa/change to TOTP, then log in, then re-enable WebAuthn.

[scubajeff]

I'm on vacation with my kids. Won't have access to my developing station until the end of this month. This might be an issue of Android Webview with webauth. Hopfully there is quick fix for it.

[kaibagley]

No problem at all, there's a workaround so I can still use this great app! Hope you have a great time!

[Freeedim]

Don't know if it is related or if I should open another issue:

• I have 2FA, with either TOTP, WebAuthn or Nextcloud client app push notification.
• I have just installed Les Pas for the first time. When trying to connect it to my Nextcloud account, I enter the URL and I land on a WebView page with my instance's background image, a button "Log in" and a link "Alternative authentication with an application token"; none produces any effect when touched.

[scubajeff]

if this error persists, please create a new issue.

[scubajeff]

For WebAuthN, it's not supported in android webview, which Les Pas use to do display all the login pages. Which means this feature is NOT gonna happen unless Google implments WebAuthN in webview, which I don't think it will ever happen, Google stated clearly that WebAuthN only supported in real browser, like Chrome.

Meanwhile, you can generate app password for Les Pas on Nextcloud server first, and then use the generated password to login. Les Pas also support QR code scanning too. Though this process is certainly not user friendly if you are hosting for many users.

[kaibagley]

I see, that's a bit of a shame. Is there not another method for auth not using WebView?

[Freeedim]

if this error persists, please create a new issue.

@scubajeff Actually problem was solved by updating WebView (I had version 74 whereas the latest version is 114)

[scubajeff]

including fido2 login?

[Freeedim]

including fido2 login?

I haven't tried it specifically. I directly clicked on the link to use an application token.

[btittelbach]

There is another angle to this... if a user has Firefox for Android installed, it's possible to use GeckoView instead of WebView for Nextcloud authentification.

Surprisingly many apps already do this. No idea how much work that would be and if it would be worth it, but It would have two advantages:

1. WebAuthN would be supported
2. If a User is already logged in with Firefox, their cookie will already be valid and they don't need to re-login at all, just klick "Grant Access"

[scubajeff]

Using customchromepage instead of webview for login is already in the backlog. Yes, the backlog is quite long now. I need to sort it out.