NFC U2F on iOS not supported
kc9jud opened this issue · 9 comments
Steps to reproduce
- Log in to Nextcloud.
- Select U2F as second factor.
Expected behaviour
iOS prompt for NFC security key should appear. Example from Yubico demo site:
Actual behaviour
“An error occurred: U2F not supported.”
Server configuration
Operating system: Ubuntu 16.04 LTS
Web server: nginx/1.14.0 (Ubuntu)
Database: MariaDB 10.1.43-MariaDB-0ubuntu0.18.04.1
PHP version: PHP 7.2.24-0ubuntu0.18.04.2 (fpm)
Version: 17.0.2
Updated from an older version or fresh install: Updated from Nextcloud 16
List of activated apps:
Enabled:
- accessibility: 1.3.0
- activity: 2.10.1
- calendar: 2.0.0
- camerarawpreviews: 0.7.3
- cloud_federation_api: 1.0.0
- comments: 1.7.0
- contacts: 3.1.6
- dav: 1.13.0
- federatedfilesharing: 1.7.0
- federation: 1.7.0
- files: 1.12.0
- files_accesscontrol: 1.7.0
- files_pdfviewer: 1.6.0
- files_rightclick: 0.15.1
- files_sharing: 1.9.0
- files_trashbin: 1.7.0
- files_versions: 1.10.0
- files_videoplayer: 1.6.0
- firstrunwizard: 2.6.0
- gallery: 18.4.0
- logreader: 2.2.0
- lookup_server_connector: 1.5.0
- mail: 1.0.0
- music: 0.12.1
- nextcloud_announcements: 1.6.0
- notes: 3.1.1
- notifications: 2.5.0
- oauth2: 1.5.0
- password_policy: 1.7.0
- privacy: 1.1.0
- provisioning_api: 1.7.0
- recommendations: 0.5.0
- serverinfo: 1.7.0
- sharebymail: 1.7.0
- spreed: 7.0.2
- support: 1.0.1
- survey_client: 1.5.0
- systemtags: 1.7.0
- text: 1.1.1
- twofactor_backupcodes: 1.6.0
- twofactor_totp: 4.1.2
- twofactor_u2f: 5.0.2
- updatenotification: 1.7.0
- viewer: 1.2.0
- workflowengine: 1.7.0
Disabled:
- admin_audit
- bruteforcesettings
- encryption
- files_external
- theming
- user_ldap
The content of config/config.php:
{
    "system": {
        "apps_paths": [
            {
                "path": "\/var\/www\/nextcloud\/apps",
                "url": "\/apps",
                "writable": false
            },
            {
                "path": "\/var\/www\/nextcloud\/extra-apps",
                "url": "\/extra-apps",
                "writable": true
            }
        ],
        "supportedDatabases": [
            "mysql"
        ],
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nextcloud.patrickfasano.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "17.0.2.1",
        "overwrite.cli.url": "http:\/\/nextcloud.patrickfasano.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "overwritehost": "nextcloud.patrickfasano.com",
        "mail_smtpmode": "smtp",
        "mail_smtpauthtype": "PLAIN",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpsecure": "tls",
        "mail_smtpport": "587",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "twofactor_enforced": "false",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [],
        "loglevel": 2,
        "theme": ""
    }
}
Client configuration
Browser: Mobile Safari
Operating system: iOS 13.3 (17C54)
Logs
Web server error log
N/A
Server log (data/nextcloud.log)
N/A
Browser log
Hard to get without iOS developer tools...
updated with additional info
https://www.npmjs.com/package/u2f-api is what we use for the detection. It says Safari still lacks u2f support. Has that changed recently?
Guess this has to be fixed upstream: grantila/u2f-api#26. Once that is included our app should work with Safari as well :)
I had a similar problem choosing NFC U2F on some Android phones, and thanks to Yubico I solved it by installing the Google Authenticator application; this was for Chrome mobile. I don't know if you have a problem with Chrome mobile.
I reported bugs here
That’s different — I have the NFC OTP app, so I can log in with my Yubikey if I use it to generate a one-time password. This issue is about U2F, a different type of second factor authentication.
Then let's clarify two things:
Yubico OTP and Yubico U2F are two ways of using the second authentication factor.
That said, how to use these two factors on a mobile phone depends on us: via USB or via NFC.
On Android I had a problem using Yubico U2F over NFC because the key acceptance screen in Chrome did not appear,
solved by installing Google Authenticator.
For Yubico OTP on Android, bringing my Yubico 5 NFC close to the mobile phone makes it open a Yubico page where I enter my 64 digit OTP code, which obviously changes every time I use OTP. But the concept is that.
Nextcloud, which I also use, does not support Yubico OTP but only Yubico U2F, either via NFC or via USB. Then try to use Google Chrome and not iOS and see; alternatively, install the Google Authenticator app and try.
There's also a third option, which I was talking about: there's also TOTP support on Yubikey 5, which can be generated with Yubico Authenticator.
In any case, this is an iOS-specific issue, and depends on the upstream JS library support. I can confirm that Google Authenticator doesn't interact here, and using Chrome on iOS doesn't work either.
It's now fixed upstream as of Jan 25.
grantila/u2f-api#26 (comment)
Cool. I just integrated #849