starred/pocket-id-pocket-id-1
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-09 14:53:00 +03:00
Code Issues 122 Packages Projects Releases 10 Wiki Activity

🐛 Bug Report: No passkey popup on Brave browser on Android #188

New Issue
Closed
opened 2025-10-07 23:56:52 +03:00 by OVERLORD · 12 comments
OVERLORD commented 2025-10-07 23:56:52 +03:00
Owner
Copy Link

Originally created by @gokussjx on GitHub.

Reproduction steps

Scenario-1: Direct login to Pocket ID

  1. Launch Brave browser on Android
  2. Navigate to your instance of Pocket ID
  3. Click "Authenticate"

Scenario-2: Login to supported service

  1. Launch Brave browser on Android
  2. Navigate to your web service that has Pocket ID OIDC configured (e.g., tinyauth)
  3. Click "Sign in"

Expected behavior

In either case, we should get a pop-up from our stored password manager if an associated passkey is found.

Example from PayPal on the same browser:

NOTE: The above screenshot helps verify that the password manager is not at fault here

Actual Behavior

In either case, there's no pop-up. The loading symbol on "Authenticate" or "Sign in" spins endlessly.

Scenario-1

Scenario-2

--> NOTE: The issue does NOT occur on Firefox on Android, and neither on Chrome on Android using the current Pocket ID instance. <--
In other words, the issue is specifically when using the Brave browser on Android.

Version and Environment

v1.1.0

Log Output

No response

Originally created by @gokussjx on GitHub. ### Reproduction steps **Scenario-1: Direct login to Pocket ID** 1. Launch Brave browser on Android 2. Navigate to your instance of Pocket ID 3. Click "Authenticate" **Scenario-2: Login to supported service** 1. Launch Brave browser on Android 2. Navigate to your web service that has Pocket ID OIDC configured (e.g., tinyauth) 3. Click "Sign in" ### Expected behavior In either case, we should get a pop-up from our stored password manager if an associated passkey is found. _Example from PayPal on the same browser_: <img src="https://github.com/user-attachments/assets/af6020b0-189b-4e30-b27e-54e25f408ead" width="288" height="588"> **NOTE: The above screenshot helps verify that the password manager is not at fault here** ### Actual Behavior In either case, there's no pop-up. The loading symbol on "Authenticate" or "Sign in" spins endlessly. **Scenario-1** <img src="https://github.com/user-attachments/assets/828c2ae8-8b74-49cc-9c86-839d3748ea9d" width="288" height="588"> **Scenario-2** <img src="https://github.com/user-attachments/assets/5d26e228-672e-4d3f-b8e3-33bdcf78c787" width="288" height="588"> --> **NOTE: The issue does NOT occur on Firefox on Android, and neither on Chrome on Android using the current Pocket ID instance.** <-- In other words, the issue is specifically when using the Brave browser on Android. ### Version and Environment v1.1.0 ### Log Output _No response_
OVERLORD added the bug label 2025-10-07 23:56:52 +03:00
OVERLORD commented 2025-10-07 23:56:55 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

I think this issue is related https://github.com/brave/brave-browser/issues/15650.

Can you try to register and sign in with a passkey on https://webauthn.io/ and https://webauthn.me/ and let me know if you encounter the issue there too?

@stonith404 commented on GitHub: I think this issue is related https://github.com/brave/brave-browser/issues/15650. Can you try to register and sign in with a passkey on https://webauthn.io/ and https://webauthn.me/ and let me know if you encounter the issue there too?
OVERLORD commented 2025-10-07 23:56:55 +03:00
Author
Owner
Copy Link

@skyzuma commented on GitHub:

My problem is any chromium based browser (Vivaldi, edge, chrome, opera, brave, etc.) and the fact that the implementation of Passkey are different.

I can also only work with Firefox ... Maybe the problem is Samsung, idk ...

@skyzuma commented on GitHub: My problem is any chromium based browser (Vivaldi, edge, chrome, opera, brave, etc.) and the fact that the implementation of Passkey are different. I can also only work with Firefox ... Maybe the problem is Samsung, idk ...
OVERLORD commented 2025-10-07 23:56:55 +03:00
Author
Owner
Copy Link

@skyzuma commented on GitHub:

Hello, idk if I correct but I've testet many browser on andorid 15 (sm-f731b) and only Firefox work with pocket-id (instantly). I think the implementation of passkey is the problem.

#1 - after I write ur username u can press the passkey button

#2 - webauth.me > tap into name field and u get the popuop from (bitwarden)

But pocket-id have only the passkey button.

So, in the end I need to use Firefox 😅

@skyzuma commented on GitHub: Hello, idk if I correct but I've testet many browser on andorid 15 (sm-f731b) and only Firefox work with pocket-id (instantly). I think the implementation of passkey is the problem. #1 - after I write ur username u can press the passkey button #2 - webauth.me > tap into name field and u get the popuop from (bitwarden) But pocket-id have only the passkey button. So, in the end I need to use Firefox 😅
OVERLORD commented 2025-10-07 23:56:56 +03:00
Author
Owner
Copy Link

@gokussjx commented on GitHub:

@skyzuma Chrome Android doesn’t work for you? It works fine for me. My issue is exclusively with Brave.

@gokussjx commented on GitHub: @skyzuma Chrome Android doesn’t work for you? It works fine for me. My issue is exclusively with Brave.
OVERLORD commented 2025-10-07 23:56:56 +03:00
Author
Owner
Copy Link

@gokussjx commented on GitHub:

I think it might be unrelated.

Just tested on both and found them working on Brave for Android. Got the pop-up and everything to use the added passkey.

I also did the "browser support test" on webauthn.me and got both the checkboxes green.

@gokussjx commented on GitHub: I think it might be unrelated. Just tested on both and found them working on Brave for Android. Got the pop-up and everything to use the added passkey. <img src="https://github.com/user-attachments/assets/9bf9b212-c200-4285-855a-80ac6c5e44ea" width="288" height="588"> <img src="https://github.com/user-attachments/assets/1122f1d1-1fcc-47c4-a836-227bd99dcd3b" width="288" height="588"> I also did the "browser support test" on webauthn.me and got both the checkboxes green. <img src="https://github.com/user-attachments/assets/7571c7c7-aba4-40a2-be95-75a4cf0e4f25" width="288" height="588">
OVERLORD commented 2025-10-07 23:56:58 +03:00
Author
Owner
Copy Link

@bfqrst commented on GitHub:

Since I too encountered this issue AND I'm on the exact same setup (Brave / Bitwarden), I took the liberty to test it to no avail!

  1. registered a username
  2. did not fill in the username
  3. hit Authenticate
  4. nothing happened

Did the same with User Verification set to Required, again, nothing! FWIW, same process works fine on Brave for MacOS as far as I can tell. Let's see if @gokussjx can confirm...

@bfqrst commented on GitHub: Since I too encountered this issue AND I'm on the exact same setup (Brave / Bitwarden), I took the liberty to test it to no avail! 1. registered a username 2. did **not** fill in the username 3. hit _Authenticate_ 4. nothing happened Did the same with _User Verification_ set to _Required_, again, nothing! FWIW, same process works fine on Brave for MacOS as far as I can tell. Let's see if @gokussjx can confirm...
OVERLORD commented 2025-10-07 23:56:58 +03:00
Author
Owner
Copy Link

@bfqrst commented on GitHub:

I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411.

Image

That I can not confirm! For me, the issue the OP raised, I have had before v1.0.0! Also following the migration steps, I was able to use configured passkeys without a hiccup. I have 2 Pocket-ID instances running, both installed pre-v1, both migrated to v1.x.x, both behave the same as it relates to the issue at hand.

@bfqrst commented on GitHub: > I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411. > > ![Image](https://github.com/user-attachments/assets/84d7a5d9-9c44-483f-8ebc-da2e47789dd3) That I can not confirm! For me, the issue the OP raised, I have had before v1.0.0! Also following the migration steps, I was able to use configured passkeys without a hiccup. I have 2 Pocket-ID instances running, both installed pre-v1, both migrated to v1.x.x, both behave the same as it relates to the issue at hand.
OVERLORD commented 2025-10-07 23:56:59 +03:00
Author
Owner
Copy Link

@harryxmin commented on GitHub:

I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411.

Image

@harryxmin commented on GitHub: I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411. ![Image](https://github.com/user-attachments/assets/84d7a5d9-9c44-483f-8ebc-da2e47789dd3)
OVERLORD commented 2025-10-07 23:56:59 +03:00
Author
Owner
Copy Link

@C8opmBM commented on GitHub:

I've tested this with both vanadium and brave, I have no issues logging in with bitwarden passkey (popup).

@C8opmBM commented on GitHub: I've tested this with both vanadium and brave, I have no issues logging in with bitwarden passkey (popup).
OVERLORD commented 2025-10-07 23:56:59 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

@gokussjx Thanks for testing, could you test it on https://webauthn.io again but without entering a username when you sign in? So you have to register first with a username and then authenticate but without entering the username again.

If this works please try the same again but set "userVerification" to "required":

Image

@stonith404 commented on GitHub: @gokussjx Thanks for testing, could you test it on https://webauthn.io again but without entering a username when you sign in? So you have to register first with a username and then authenticate but without entering the username again. If this works please try the same again but set "userVerification" to "required": ![Image](https://github.com/user-attachments/assets/2d61639b-de2d-4b1e-8288-57a730817e84)
OVERLORD commented 2025-10-07 23:57:01 +03:00
Author
Owner
Copy Link

@harryxmin commented on GitHub:

I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411.

Image

I fixed my problem just now. I had to change the PUBLIC_APP_URL to APP_URL in the .env file and it was sorted.

@harryxmin commented on GitHub: > I'm also having a similar issue. It was working fine until I updated to the latest version. Had to reset everything and start over and still having the issue. When I try to add a passkey, it says unknown error occured. Before the latest update, if I try to add a passkey, it will pop up the bitwarden passkey option. Tired it on chrome, firefox and edge and all having the same issue. It's hosted on docker and using the latest docker compose at port 1411. > > ![Image](https://github.com/user-attachments/assets/84d7a5d9-9c44-483f-8ebc-da2e47789dd3) I fixed my problem just now. I had to change the PUBLIC_APP_URL to APP_URL in the .env file and it was sorted.
OVERLORD commented 2025-10-07 23:57:01 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Thanks for testing. Yeah this confirms that Brave doesn't support discoverable credentials (or maybe it's a bug), but we can't do anything on our side here.

The reason why this is working for Paypal is because they allow non discoverable credentials and Pocket ID only allows discoverable credentials.

You can read more about the difference in this article. But here is the most interesting part:

Passkeys are primarily driven by the use of discoverable credentials. Discoverable credentials are a mechanism provided by the WebAuthn specification that allows for seamless authentication without the user having to provide either a username or password. In fact, WebAuthn credentials are determined to be passkeys based on their “discoverability”. In this section we are going to discuss discoverable credentials, and their alternative non-discoverable credentials.

@stonith404 commented on GitHub: Thanks for testing. Yeah this confirms that Brave doesn't support discoverable credentials (or maybe it's a bug), but we can't do anything on our side here. The reason why this is working for Paypal is because they allow non discoverable credentials and Pocket ID only allows discoverable credentials. You can read more about the difference in [this article](https://developers.yubico.com/Passkeys/Passkey_concepts/Discoverable_vs_non-discoverable_credentials.html). But here is the most interesting part: > Passkeys are primarily driven by the use of discoverable credentials. Discoverable credentials are a mechanism provided by the WebAuthn specification that allows for seamless authentication without the user having to provide either a username or password. In fact, WebAuthn credentials are determined to be passkeys based on their “discoverability”. In this section we are going to discuss discoverable credentials, and their alternative non-discoverable credentials.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id-pocket-id-1#188
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?