🐛 Bug Report: Passkey Setup Not working #588

New Issue

Closed

opened 2026-02-04 20:35:37 +03:00 by OVERLORD · 2 comments

OVERLORD commented 2026-02-04 20:35:37 +03:00

Owner

Copy Link

Originally created by @epsilon2319 on GitHub (Jan 4, 2026).

Reproduction steps

When I try and set up an account through mydomain.tld/setup I get the normal landing page where it wants me to create a a user.I did so,but no passkey set up prompt followed.I can't authenticate myself even though I have an admin account.I am on a Synology NAS and this is my docker compose.

services:
pocket-id:
image: ghcr.io/pocket-id/pocket-id:v2
container_name: pocket-id
restart: unless-stopped

user: "1026:100"          

ports:
  - "3002:3000"           

volumes:
  - /volume1/docker/pocket-id/data:/app/data

environment:
  - PORT=3000
  - PUBLIC_APP_URL=https://mydomain.tld
  - TRUST_PROXY=true
  - LOG_LEVEL=info
  - ENCRYPTION_KEY=placeholder

Expected behavior

Passkey set up prompt.

Actual Behavior

No passkey setup page/prompt.

Pocket ID Version

v2.02

Database

SQLite

OS and Environment

Docker on Synology NAS through portainer

Log Output

Jan 4 02:41:48 INF Pocket ID is starting app=pocket-id version=2.0.2
Jan 4 02:41:48 INF Connected to database app=pocket-id version=2.0.2 provider=sqlite
Jan 4 02:41:48 WRN MAXMIND_LICENSE_KEY environment variable is empty: the GeoLite2 City database won't be updated app=pocket-id version=2.0.2
Jan 4 02:41:48 INF Acquired application lock app=pocket-id version=2.0.2 process_id=1 host_id=8c825b758bab
Jan 4 02:41:48 INF Starting job scheduler app=pocket-id version=2.0.2
Jan 4 02:41:48 INF Server listening app=pocket-id version=2.0.2 addr=0.0.0.0:3000
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearWebauthnSessions id=c78ecafc-c352-4670-8d79-ecdd86663308
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOidcRefreshTokens id=12813b7e-a576-4fe3-8d9f-c95f91aadebd
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearReauthenticationTokens id=394fd3e3-51be-45a7-a56e-5e7ae52b3f39
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearSignupTokens id=7f5baeda-06c7-461d-a02f-276e6f0bf01e
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=SendHeartbeat id=e09e2e3a-1697-4df5-905d-29223e143d5f
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOneTimeAccessTokens id=c2b376e5-7152-4b0a-9b87-df32eb36a741
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=SyncLdap id=09766a77-a835-4b4f-a315-9110ae21769e
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=SyncLdap id=09766a77-a835-4b4f-a315-9110ae21769e
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearAuditLogs id=fdcfacd2-accf-439c-8c0f-da6b5d331d2d
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOidcAuthorizationCodes id=bd899701-bb85-4de8-bc96-30f6ae080441
Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOrphanedTempFiles id=bf3b4ecf-1ec3-475f-b1c9-5ffb48d73c3b
Jan 4 02:41:48 INF Done cleaning orphaned temp files app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOrphanedTempFiles id=bf3b4ecf-1ec3-475f-b1c9-5ffb48d73c3b
Jan 4 02:41:48 INF Cleaned expired WebAuthn sessions app=pocket-id version=2.0.2 count=2
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearWebauthnSessions id=c78ecafc-c352-4670-8d79-ecdd86663308
Jan 4 02:41:48 INF Cleaned expired tokens app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearSignupTokens id=7f5baeda-06c7-461d-a02f-276e6f0bf01e
Jan 4 02:41:48 INF Cleaned expired one-time access tokens app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOneTimeAccessTokens id=c2b376e5-7152-4b0a-9b87-df32eb36a741
Jan 4 02:41:48 INF Cleaned expired OIDC authorization codes app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOidcAuthorizationCodes id=bd899701-bb85-4de8-bc96-30f6ae080441
Jan 4 02:41:48 INF Cleaned expired reauthentication tokens app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearReauthenticationTokens id=394fd3e3-51be-45a7-a56e-5e7ae52b3f39
Jan 4 02:41:48 INF Deleted old audit logs app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearAuditLogs id=fdcfacd2-accf-439c-8c0f-da6b5d331d2d
Jan 4 02:41:48 INF Cleaned expired OIDC refresh tokens app=pocket-id version=2.0.2 count=0
Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOidcRefreshTokens id=12813b7e-a576-4fe3-8d9f-c95f91aadebd
Jan 4 02:41:50 ERR Job failed with error app=pocket-id version=2.0.2 name=SendHeartbeat id=e09e2e3a-1697-4df5-905d-29223e143d5f error="heartbeat request failed: failed to send request: Post "https://analytics.pocket-id.org/heartbeat": dial tcp 0.0.0.0:443: connect: connection refused"
Jan 4 02:43:37 INF Request app=pocket-id version=2.0.2 status=200 method=GET path=/login query="" route="" ip=87.249.134.30 latency=99.824µs referer="" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=2024
Jan 4 02:43:38 WRN Request with errors: Error #01: You are not signed in
app=pocket-id version=2.0.2 status=401 method=GET path=/api/users/me query="" route=/api/users/me ip=87.249.134.30 latency=189.989µs referer=https://mydomain.tld/login user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=33
Jan 4 02:43:38 INF Request app=pocket-id version=2.0.2 status=200 method=GET path=/api/application-configuration query="" route=/api/application-configuration ip=87.249.134.30 latency=323.764µs referer=https://mydomain.tld/login user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=572

Originally created by @epsilon2319 on GitHub (Jan 4, 2026). ### Reproduction steps When I try and set up an account through mydomain.tld/setup I get the normal landing page where it wants me to create a a user.I did so,but no passkey set up prompt followed.I can't authenticate myself even though I have an admin account.I am on a Synology NAS and this is my docker compose. services: pocket-id: image: ghcr.io/pocket-id/pocket-id:v2 container_name: pocket-id restart: unless-stopped user: "1026:100" ports: - "3002:3000" volumes: - /volume1/docker/pocket-id/data:/app/data environment: - PORT=3000 - PUBLIC_APP_URL=https://mydomain.tld - TRUST_PROXY=true - LOG_LEVEL=info - ENCRYPTION_KEY=placeholder ### Expected behavior Passkey set up prompt. ### Actual Behavior No passkey setup page/prompt. ### Pocket ID Version v2.02 ### Database SQLite ### OS and Environment Docker on Synology NAS through portainer ### Log Output Jan 4 02:41:48 INF Pocket ID is starting app=pocket-id version=2.0.2 Jan 4 02:41:48 INF Connected to database app=pocket-id version=2.0.2 provider=sqlite Jan 4 02:41:48 WRN MAXMIND_LICENSE_KEY environment variable is empty: the GeoLite2 City database won't be updated app=pocket-id version=2.0.2 Jan 4 02:41:48 INF Acquired application lock app=pocket-id version=2.0.2 process_id=1 host_id=8c825b758bab Jan 4 02:41:48 INF Starting job scheduler app=pocket-id version=2.0.2 Jan 4 02:41:48 INF Server listening app=pocket-id version=2.0.2 addr=0.0.0.0:3000 Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearWebauthnSessions id=c78ecafc-c352-4670-8d79-ecdd86663308 Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOidcRefreshTokens id=12813b7e-a576-4fe3-8d9f-c95f91aadebd Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearReauthenticationTokens id=394fd3e3-51be-45a7-a56e-5e7ae52b3f39 Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearSignupTokens id=7f5baeda-06c7-461d-a02f-276e6f0bf01e Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=SendHeartbeat id=e09e2e3a-1697-4df5-905d-29223e143d5f Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOneTimeAccessTokens id=c2b376e5-7152-4b0a-9b87-df32eb36a741 Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=SyncLdap id=09766a77-a835-4b4f-a315-9110ae21769e Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=SyncLdap id=09766a77-a835-4b4f-a315-9110ae21769e Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearAuditLogs id=fdcfacd2-accf-439c-8c0f-da6b5d331d2d Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOidcAuthorizationCodes id=bd899701-bb85-4de8-bc96-30f6ae080441 Jan 4 02:41:48 INF Starting job app=pocket-id version=2.0.2 name=ClearOrphanedTempFiles id=bf3b4ecf-1ec3-475f-b1c9-5ffb48d73c3b Jan 4 02:41:48 INF Done cleaning orphaned temp files app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOrphanedTempFiles id=bf3b4ecf-1ec3-475f-b1c9-5ffb48d73c3b Jan 4 02:41:48 INF Cleaned expired WebAuthn sessions app=pocket-id version=2.0.2 count=2 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearWebauthnSessions id=c78ecafc-c352-4670-8d79-ecdd86663308 Jan 4 02:41:48 INF Cleaned expired tokens app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearSignupTokens id=7f5baeda-06c7-461d-a02f-276e6f0bf01e Jan 4 02:41:48 INF Cleaned expired one-time access tokens app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOneTimeAccessTokens id=c2b376e5-7152-4b0a-9b87-df32eb36a741 Jan 4 02:41:48 INF Cleaned expired OIDC authorization codes app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOidcAuthorizationCodes id=bd899701-bb85-4de8-bc96-30f6ae080441 Jan 4 02:41:48 INF Cleaned expired reauthentication tokens app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearReauthenticationTokens id=394fd3e3-51be-45a7-a56e-5e7ae52b3f39 Jan 4 02:41:48 INF Deleted old audit logs app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearAuditLogs id=fdcfacd2-accf-439c-8c0f-da6b5d331d2d Jan 4 02:41:48 INF Cleaned expired OIDC refresh tokens app=pocket-id version=2.0.2 count=0 Jan 4 02:41:48 INF Job run successfully app=pocket-id version=2.0.2 name=ClearOidcRefreshTokens id=12813b7e-a576-4fe3-8d9f-c95f91aadebd Jan 4 02:41:50 ERR Job failed with error app=pocket-id version=2.0.2 name=SendHeartbeat id=e09e2e3a-1697-4df5-905d-29223e143d5f error="heartbeat request failed: failed to send request: Post \"https://analytics.pocket-id.org/heartbeat\": dial tcp 0.0.0.0:443: connect: connection refused" Jan 4 02:43:37 INF Request app=pocket-id version=2.0.2 status=200 method=GET path=/login query="" route="" ip=87.249.134.30 latency=99.824µs referer="" user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=2024 Jan 4 02:43:38 WRN Request with errors: Error #01: You are not signed in app=pocket-id version=2.0.2 status=401 method=GET path=/api/users/me query="" route=/api/users/me ip=87.249.134.30 latency=189.989µs referer=https://mydomain.tld/login user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=33 Jan 4 02:43:38 INF Request app=pocket-id version=2.0.2 status=200 method=GET path=/api/application-configuration query="" route=/api/application-configuration ip=87.249.134.30 latency=323.764µs referer=https://mydomain.tld/login user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" body_size=572

OVERLORD closed this issue 2026-02-04 20:35:38 +03:00

OVERLORD commented 2026-02-04 20:35:50 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub (Jan 4, 2026):

Can you share the browser logs from the developer tools when you try to sign in?

@stonith404 commented on GitHub (Jan 4, 2026): Can you share the browser logs from the developer tools when you try to sign in?

OVERLORD commented 2026-02-04 20:35:54 +03:00

Author

Owner

Copy Link

@epsilon2319 commented on GitHub (Jan 5, 2026):

Ok ,so apparently I can't trust old posts from random websites and their docker compose to work with your new version.Especially a new v2.0.The problem was that I was missing APP_URL from my env variables.The error in my browser console was "tXc6KnY3.js:1 SecurityError: The RP ID "localhost" is invalid for this domain".The addition of mydomain.tld to APP_URL fixed it.Thank you for pointing me in the right direction.If I hadn't looked in the console output I wouldn't have even realized what the problem might be.Thing is that the environment variables change so much from version to version that they become out of date.

@epsilon2319 commented on GitHub (Jan 5, 2026): Ok ,so apparently I can't trust old posts from random websites and their docker compose to work with your new version.Especially a new v2.0.The problem was that I was missing APP_URL from my env variables.The error in my browser console was "tXc6KnY3.js:1 SecurityError: The RP ID "localhost" is invalid for this domain".The addition of mydomain.tld to APP_URL fixed it.Thank you for pointing me in the right direction.If I hadn't looked in the console output I wouldn't have even realized what the problem might be.Thing is that the environment variables change so much from version to version that they become out of date.

OVERLORD referenced this issue 2026-02-04 20:58:17 +03:00

[PR #588] [MERGED] fix: don't use TOFU for logout callback URLs #843

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/email-verification

oidc-scopes

default-env-db-keys

slog-gorm

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

bug

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#588