🐛 Bug Report: Chrome password manager passkeys timeout #567

New Issue

OVERLORD · 2026-02-04T20:29:26+03:00

OVERLORD commented

2026-02-04 20:29:26 +03:00

Originally created by @kja999 on GitHub (Dec 15, 2025).

Reproduction steps

Using Chrome on Android 16 on Samsung devices.
Log in to PocketID using a login code.
Create a new passkey and confirm to store in the Chrome password manager.
Wait for token expire or logout..
Try to login (any site which triggers the oicd flow with PocketID)
Get the prompt for the stored passkey, attempt to select to login.
Selection is ok, PocketID shows progress spinning wheel as well as the passkey wallet, then message "The authenticator timed out, Please try to sign in again"
After this, always the same failure.

Possibly a Chrome thing? Bitwarden doesnt have the issue.

Expected behavior

After selecting the passkey it should login.

Actual Behavior

PocketID shows progress spinning wheel as well as the passkey wallet, then message "The authenticator timed out, Please try to sign in again"

Pocket ID Version

V1.16

Database

sqlite

OS and Environment

Fedora 42, docker, also using pangolin as reverse proxy

Log Output

Nothing

Originally created by @kja999 on GitHub (Dec 15, 2025). ### Reproduction steps Using Chrome on Android 16 on Samsung devices. Log in to PocketID using a login code. Create a new passkey and confirm to store in the Chrome password manager. Wait for token expire or logout.. Try to login (any site which triggers the oicd flow with PocketID) Get the prompt for the stored passkey, attempt to select to login. Selection is ok, PocketID shows progress spinning wheel as well as the passkey wallet, then message "The authenticator timed out, Please try to sign in again" After this, always the same failure. Possibly a Chrome thing? Bitwarden doesnt have the issue. ### Expected behavior After selecting the passkey it should login. ### Actual Behavior PocketID shows progress spinning wheel as well as the passkey wallet, then message "The authenticator timed out, Please try to sign in again" ### Pocket ID Version V1.16 ### Database sqlite ### OS and Environment Fedora 42, docker, also using pangolin as reverse proxy ### Log Output Nothing

OVERLORD closed this issue

2026-02-04 20:29:35 +03:00

OVERLORD commented

2026-02-04 20:29:39 +03:00

@stonith404 commented on GitHub (Dec 17, 2025):

Does this issue also occur if you try to register and then sign in with the passkey on https://webauthn.io?

@stonith404 commented on GitHub (Dec 17, 2025): Does this issue also occur if you try to register and then sign in with the passkey on https://webauthn.io?

OVERLORD commented

2026-02-04 20:29:43 +03:00

@kja999 commented on GitHub (Dec 17, 2025):

Curious. I just tested and first create a new passkey with the Register. This prompts for passkey to be generated, enter lockscreen pattern, then it goes back to the main screen.
Then trying Authenticate (not closing browser or anything else), I get "The operation either timed out or was not allowed. See ..."
Close the browser and back to Authenticate gives " That username has no registered credentials".
From this I assume its an issue with Android/Chrome ?

@kja999 commented on GitHub (Dec 17, 2025): Curious. I just tested and first create a new passkey with the Register. This prompts for passkey to be generated, enter lockscreen pattern, then it goes back to the main screen. Then trying Authenticate (not closing browser or anything else), I get "The operation either timed out or was not allowed. See ..." Close the browser and back to Authenticate gives " That username has no registered credentials". From this I assume its an issue with Android/Chrome ?

OVERLORD commented

2026-02-04 20:29:51 +03:00

@kja999 commented on GitHub (Dec 17, 2025):

Out of interest, tried webauthn.io from firefox on the same device, also triggers the google wallet for the passkey, but message is instead "The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission"

@kja999 commented on GitHub (Dec 17, 2025): Out of interest, tried webauthn.io from firefox on the same device, also triggers the google wallet for the passkey, but message is instead "The request is not allowed by the user agent or the platform in the current context, possibly because the user denied permission"

OVERLORD commented

2026-02-04 20:29:57 +03:00

@stonith404 commented on GitHub (Dec 18, 2025):

Yeah if it doesn't work on webauthn.io then the issue is not Pocket ID related.

I don't have an Android smartphone so I have no clue what's going on but we had a few issues with Android in the past. I would recommend you to search trough the issues with the "android" keyword. One issue I can remember was caused by Bitwarden, as soon as the user has disabled the Bitwarden extension it worked again.

@stonith404 commented on GitHub (Dec 18, 2025): Yeah if it doesn't work on webauthn.io then the issue is not Pocket ID related. I don't have an Android smartphone so I have no clue what's going on but we had a few issues with Android in the past. I would recommend you to search trough the issues with the "android" keyword. One issue I can remember was caused by Bitwarden, as soon as the user has disabled the Bitwarden extension it worked again.

OVERLORD commented

2026-02-04 20:30:06 +03:00

@kja999 commented on GitHub (Dec 18, 2025):

Thanks, will have a dig around! Webauthn.io is a great guide

@kja999 commented on GitHub (Dec 18, 2025): Thanks, will have a dig around! Webauthn.io is a great guide

OVERLORD referenced this issue

2026-02-04 20:57:43 +03:00

[PR #567] [MERGED] feat: show allowed group count on oidc client list #836

Sign in to join this conversation.