🐛 Bug Report: Unable to Add Passkey #513

Closed
opened 2025-10-09 16:51:27 +03:00 by OVERLORD · 10 comments
Owner

Originally created by @dhop90 on GitHub.

Reproduction steps

  1. From a fresh install, access initial configuration @ http://pocketid/admin/setup
  2. Modify admin account with firstname, lastname, email and username
  3. Attempt to "Add Passkey"
  4. 1Password dialog window pops up to either Save passkey to New Item or Update Existing
    4a) In either case I get 1Password encountered a problem - Try Again and "An unknown error occurred" error message is briefly displayed at bottom of page

Expected behavior

It should allow me to add a passkey

Actual Behavior

Nothing happens, an error is displayed.
The following log message is output:
[GIN] 2024/08/12 - 22:43:30 | 200 | 57.093234ms | 10.244.7.254 | GET "/api/webauthn/register/start"

OVERLORD added the bug label 2025-10-09 16:51:27 +03:00
Author
Owner

@stonith404 commented on GitHub:

That's a strange error because it seems like the value of BackupEligible is not the same while logging in as when adding the passkey. Do you sometimes have issues with passkeys of 1Password on other services?
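The flag mentioned in the comment above lives in the authenticator data that the client sends at both registration and login. The following is an added example, not code from this thread or from Pocket ID: it reads the BE/BS bits per the WebAuthn authenticator data layout and applies the registration-versus-login consistency check. The function names and the sample bytes are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Flag bits of the authenticator data flags byte (WebAuthn).
const (
	flagUP = 0x01 // user present
	flagUV = 0x04 // user verified
	flagBE = 0x08 // backup eligible: credential may be synced
	flagBS = 0x10 // backup state: credential is currently backed up
)

const flagsOffset = 32 // flags byte follows the 32-byte rpIdHash

var errBEChanged = errors.New("BackupEligible differs from value stored at registration")

// parseFlags extracts BE and BS and rejects the invalid BS-without-BE combination.
func parseFlags(authData []byte) (be, bs bool, err error) {
	if len(authData) < 37 { // rpIdHash(32) + flags(1) + signCount(4)
		return false, false, errors.New("authenticator data shorter than 37 bytes")
	}
	f := authData[flagsOffset]
	be, bs = f&flagBE != 0, f&flagBS != 0
	if bs && !be {
		return be, bs, errors.New("BS set without BE")
	}
	return be, bs, nil
}

// validateLogin compares the BE bit of a login assertion with the stored one.
func validateLogin(storedBE bool, authData []byte) error {
	be, _, err := parseFlags(authData)
	if err != nil {
		return err
	}
	if be != storedBE {
		return errBEChanged
	}
	return nil
}

// sampleAuthData builds constructed test input: zero rpIdHash, given flags, counter 0.
func sampleAuthData(flags byte) []byte {
	d := make([]byte, 37)
	d[flagsOffset] = flags
	return d
}

func main() {
	synced := sampleAuthData(flagUP | flagUV | flagBE | flagBS)
	fmt.Println(validateLogin(true, synced), validateLogin(false, synced))
}
```

A relying party that records BE at registration and replays it into this check accepts the first call; a stored value of false against a synced passkey produces the inconsistency error.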


@dhop90 commented on GitHub:

I was able to add a passkey after setting PUBLIC_APP_URL to https://pocketid.domain.org. I made a bone-head mistake when I initially set up the app. My template for new apps included a traefik middleware to Authentik, and with that the PUBLIC_APP_URL had to be set to the internal kubernetes service. I added a passkey for the admin account and created a new admin account and also added a passkey for it. But when I try to log in I get "something went wrong" for a second on the bottom of the window and these log messages:

[GIN] 2024/08/13 - 16:36:01 | 401 | 182.944µs | 10.244.11.80 | GET "/api/users/me"
[GIN] 2024/08/13 - 16:36:01 | 200 | 5.584298ms | 10.244.11.80 | GET "/api/application-configuration?showAll=false"
[GIN] 2024/08/13 - 16:36:01 | 200 | 5.671076ms | 10.244.11.80 | GET "/api/application-configuration?showAll=false"
SvelteKitError: Not found: /images/sign-in.jpg
at resolve2 (file:///app/frontend/build/server/index.js:5262:18)
at resolve (file:///app/frontend/build/server/index.js:5095:34)
at Object.handle (file:///app/frontend/build/server/chunks/hooks.server-DjAkxlOd.js:35:26)
at respond (file:///app/frontend/build/server/index.js:5093:43) {
status: 404,
text: 'Not Found'
}
[GIN] 2024/08/13 - 16:36:03 | 200 | 95.294404ms | 10.244.19.25 | GET "/api/webauthn/login/start"
[GIN] 2024/08/13 - 16:36:03 | 200 | 95.487773ms | 10.244.19.25 | GET "/api/webauthn/login/start"
[GIN] 2024/08/13 - 16:40:48 | 200 | 35.032227ms | 10.244.19.25 | GET "/api/webauthn/login/start"
[GIN] 2024/08/13 - 16:40:48 | 200 | 35.119671ms | 10.244.19.25 | GET "/api/webauthn/login/start"
2024/08/13 16:40:53 BackupEligible flag inconsistency detected during login validation
[GIN] 2024/08/13 - 16:40:53 | 500 | 14.1947ms | 10.244.19.25 | POST "/api/webauthn/login/finish"
[GIN] 2024/08/13 - 16:40:53 | 500 | 14.281607ms | 10.244.19.25 | POST "/api/webauthn/login/finish"


@stonith404 commented on GitHub:

Can you try to set the PUBLIC_APP_URL to https://pocketid.domain.org? Webauthn requires an RPId which is derived from the PUBLIC_APP_URL and when the RpId isn't the same as the domain where you try to add a passkey, it won't work.
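A preflight check for the mismatch described in the comment above, written as an added example that is not part of the thread or of Pocket ID's code. It assumes the RP ID is the host name of `PUBLIC_APP_URL`, and it uses the two URLs quoted in this issue; the function names are hypothetical, and the public-suffix part of the browser's rule is left out.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// rpIDFromAppURL derives an RP ID from a configured app URL.
// Assumption: the RP ID is the URL's host name, without scheme or port.
func rpIDFromAppURL(appURL string) (string, error) {
	u, err := url.Parse(appURL)
	if err != nil || u.Hostname() == "" {
		return "", fmt.Errorf("invalid app URL %q", appURL)
	}
	return strings.ToLower(u.Hostname()), nil
}

// checkOrigin applies the browser-side rule: the page must be a secure
// context and the RP ID must equal the origin's host or be a parent domain.
func checkOrigin(rpID, origin string) error {
	o, err := url.Parse(origin)
	if err != nil || o.Hostname() == "" {
		return fmt.Errorf("invalid origin %q", origin)
	}
	host := strings.ToLower(o.Hostname())
	if o.Scheme != "https" && host != "localhost" {
		return fmt.Errorf("origin %s is not a secure context", origin)
	}
	if host != rpID && !strings.HasSuffix(host, "."+rpID) {
		return fmt.Errorf("RP ID %q is neither %q nor a parent domain of it", rpID, host)
	}
	return nil
}

func main() {
	origin := "https://pocketid.domain.org" // URL the user browses to
	for _, appURL := range []string{
		"http://pocket-id.pocketid.svc.cluster.local", // internal service name
		"https://pocketid.domain.org",                 // public URL
	} {
		rpID, err := rpIDFromAppURL(appURL)
		if err == nil {
			err = checkOrigin(rpID, origin)
		}
		fmt.Printf("PUBLIC_APP_URL=%s rpID=%q err=%v\n", appURL, rpID, err)
	}
}
```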


@dhop90 commented on GitHub:

Not a big user of passkeys yet. What limited use I do have is through my job and I do not have any issues. When I added the passkeys for both accounts, I did not use 1Password. I've tried deleting all passkeys as well as blowing away the config and pocket-id.db and starting fresh. If it makes a difference, I'm using Chrome on a MacBook Pro, M1 model running Sonoma 14.6.1.


@dhop90 commented on GitHub:

Adding additional configuration information:
Running in a Kubernetes environment. PUBLIC_APP_URL = http://pocket-id.pocketid.svc.cluster.local, which is a Kubernetes internal service. I connect to the app at URL https://pocketid.domain.org. SSL is provided via DuckDNS and Kubernetes ingress. I'm running the latest Docker image stonith404/pocket-id:v0.1.1


@dhop90 commented on GitHub:

Getting the same error message when I add a different passkey via camera phone and save to 1Password.


@dhop90 commented on GitHub:

I'm using iCloud Keychain.


@stonith404 commented on GitHub:

Thanks, I think I have found the issue. Can you try v0.1.3? The Docker image should be available in around 20 minutes.


@stonith404 commented on GitHub:

Okay thanks. Which passkey do you use?


@dhop90 commented on GitHub:

I was able to log in, now to configure a client. Thanks for the quick turn-around.


Reference: starred/pocket-id-pocket-id-2#513