[Bug]: FIDO2/webauthn stopped working after update #51137
Description
⚠️ This issue respects the following points: ⚠️
- This is a bug, not a question or a configuration/webserver/proxy issue.
- This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
- Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
- I agree to follow Nextcloud's Code of Conduct.
Bug description
Since the update to NC 31.0.0.18, passwordless login with webauthn (FIDO2) no longer works for me.
I wanted to log in with my Yubikey, the login screen showed no reaction and the Yubikey did not flash either. I logged in with my password, deleted the configuration on the security page and tried to create the passwordless login with my Yubikey again. But that didn’t work.
An error message appears: “Error, the device could not be registered”. Regardless of whether the Yubiky is plugged into the USB port or not.
U2FA with security key is not affected. This works with a Yubikey.
Steps to reproduce
1.Go to Personal Settings > Security
2. Choose Login without Password > Click "Add Webauthn Device"
3. An error Message was Displayed "Error, the device could not be registered"
Expected behavior
The webauthn device is linked to the user's login for passwordless login.
Nextcloud Server version
31.0.0 and 30.0.6
Operating system
Debian/Ubuntu
PHP engine version
PHP 8.3
Web server
Apache (supported)
Database engine version
PostgreSQL
Is this bug present after an update or on a fresh install?
Upgraded to a MAJOR version (ex. 31 to 32)
Are you using the Nextcloud Server Encryption module?
Encryption is Disabled
What user-backends are you using?
- Default user-backend (database)
- LDAP/ Active Directory
- SSO - SAML
- Other
Configuration report
{
"system": {
"instanceid": "***REMOVED SENSITIVE VALUE***",
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"xxxxx.xxxxx.xx",
"127.0.0.1",
"xxx.xxx.x.xx",
"localhost"
],
"allow_local_remote_servers": true,
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"overwritewebroot": "\/xxxxx",
"overwrite protocol": "https",
"overwrite.cli.url": "https:\/\/xxxx.xxxx.xx\/xxxx",
"dbtype": "pgsql",
"version": "31.0.0.18",
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"installed": true,
"app.mail.verify-tls-peer": false,
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_smtpmode": "sendmail",
"mail_smtpauthtype": "LOGIN",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"maintenance": false,
"filelocking.enabled": true,
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\APCu",
"memcache.distributed": "\\OC\\Memcache\\Redis",
"redis": {
"host": "***REMOVED SENSITIVE VALUE***",
"port": 0,
"dbindex": 0,
"timeout": 1.5
},
"theme": "",
"loglevel": 0,
"twofactor_enforced": "false",
"twofactor_enforced_groups": [],
"twofactor_enforced_excluded_groups": [],
"mysql.utf8mb4": true,
"clear_site_data": true,
"mail_sendmailmode": "smtp",
"updater.release.channel": "stable",
"app_install_overwrite": [
"ocr",
"files_ebookreader",
"epubreader",
"dicomviewer",
"mindmap_app",
"fulltextsearch",
"fulltextsearch_elasticsearch",
"files_fulltextsearch",
"files_fulltextsearch_tesseract",
"riotchat",
"ojsxc",
"extract",
"memories",
"music",
"files_rightclick",
"metadata",
"talk_matterbridge",
"files_archive",
"cfg_share_links",
"files_mindmap",
"tasks",
"occweb",
"radio",
"files_antivirus",
"side_menu",
"duplicatefinder",
"epubviewer",
"maps",
"electronicsignatures",
"intros",
"thesearchpage",
"timemanager",
"uppush"
],
"preview_max_x": 2048,
"preview_max_y": 2048,
"jpeg_quality": 60,
"default_phone_region": "DE",
"enable_previews": true,
"session_relaxed_expiry": true,
"trusted_proxies": "***REMOVED SENSITIVE VALUE***",
"memories.exiftool": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/exiftool-amd64-glibc",
"memories.vod.path": "\/var\/www\/nextcloud\/apps\/memories\/bin-ext\/go-vod-amd64",
"memories.vod.ffmpeg": "\/usr\/bin\/ffmpeg",
"memories.vod.ffprobe": "\/usr\/bin\/ffprobe",
"maintenance_window_start": 100,
"trashbin_retention_obligation": "auto, 30",
"versions_retention_obligation": "auto, 180",
"activity_expire_days": 365,
"memories.db.triggers.fcu": true,
"data-fingerprint": "2f550edebc0aa062e8c84b74fddcb9bc",
"auth.webauthn.enabled": true
}
}List of activated Apps
Enabled:
- activity: 4.0.0
- app_api: 5.0.2
- assistant: 2.4.0
- bruteforcesettings: 4.0.0
- calendar: 5.1.2
- cfg_share_links: 6.1.1
- circles: 31.0.0-dev.0
- cloud_federation_api: 1.14.0
- contacts: 7.0.1
- contactsinteraction: 1.12.0
- context_chat: 4.1.0
- dashboard: 7.11.0
- dav: 1.33.0
- deck: 1.15.0
- dicomviewer: 2.3.0
- drop_account: 2.7.1
- eidlogin: 1.0.18
- epubviewer: 1.7.2
- extract: 1.3.6
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_archive: 1.2.3
- files_automatedtagging: 2.0.0
- files_downloadlimit: 4.0.0
- files_emailviewer: 0.1.4
- files_external: 1.23.0
- files_fulltextsearch: 30.0.0
- files_fulltextsearch_tesseract: 27.0.0
- files_mindmap: 0.0.33
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- files_zip: 2.1.0
- fileslibreofficeedit: 2.0.1
- firstrunwizard: 4.0.0
- flow_notifications: 2.0.0
- fulltextsearch: 31.0.0
- fulltextsearch_elasticsearch: 31.0.0
- gpoddersync: 3.12.0
- gpxpod: 7.0.4
- intros: 1.0.2
- libresign: 11.0.2
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- mail: 4.2.2
- maps: 1.5.0
- memories: 7.5.1
- metadata: 0.21.0
- nextcloud_announcements: 3.0.0
- notes: 4.11.0
- notifications: 4.0.0
- notify_push: 1.0.0
- oauth2: 1.19.1
- occweb: 0.2.2
- ownershiptransfer: 1.1.0
- passwords: 2025.2.20
- photos: 4.0.0-dev.1
- polls: 7.3.2
- previewgenerator: 5.8.0
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- radio: 1.0.3
- recommendations: 4.0.0
- related_resources: 2.0.0
- repod: 3.5.5
- richdocuments: 8.6.2
- riotchat: 0.18.7
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- side_menu: 4.0.1
- snowflakestheme: 1.1.3
- spreed: 21.0.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- talk_matterbridge: 1.31.1026000
- tasks: 0.16.1
- text: 5.0.0
- theming: 2.6.1
- thesearchpage: 1.2.8
- timemanager: 0.3.17
- twofactor_backupcodes: 1.20.0
- twofactor_webauthn: 2.1.0
- unroundedcorners: 1.1.4
- updatenotification: 1.21.0
- uppush: 2.2.5
- user_status: 1.11.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- welcome: 1.2.1
- workflow_ocr: 1.31.0
- workflow_script: 2.0.0
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0 (installed 1.8.0)
- comments: 1.21.0 (installed 1.3.0)
- encryption: 2.19.0
- files_antivirus: 6.0.0 (installed 6.0.0)
- files_rightclick: 0.15.1 (installed 0.15.1)
- integration_openai: 3.4.0 (installed 3.4.0)
- password_policy: 3.0.0 (installed 1.3.0)
- snappymail: 2.38.2 (installed 2.38.2)
- suspicious_login: 9.0.1
- translate: 2.2.0 (installed 2.2.0)
- twofactor_nextcloud_notification: 5.0.0 (installed 5.0.0)
- twofactor_totp: 13.0.0-dev.0 (installed 13.0.0-dev.0)
- user_ldap: 1.22.0Nextcloud Signing status
Technical information
=====================
The following list covers which files have failed the integrity check. Please read
the previous linked documentation to learn more about the errors and how to fix
them.
Results
=======
- files_mindmap
- EXCEPTION
- OC\IntegrityCheck\Exceptions\InvalidSignatureException
- Certificate is not valid.
Raw output
==========
Array
(
[files_mindmap] => Array
(
[EXCEPTION] => Array
(
[class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
[message] => Certificate is not valid.
)
)
)Nextcloud Logs
{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CgAAigE","level":0,"time":"2025-02-28T06:03:15+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":false,"app":"PHP","method":"PUT","url":"/ocs/v2.php/apps/user_status/api/v1/heartbeat?format=json","message":"Creation of dynamic property OCA\\Extract\\AppInfo\\Application::$appName is deprecated at /var/www/nextcloud/apps/extract/lib/AppInfo/Application.php#35","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"PHP"}}
{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CwAAjQg","level":0,"time":"2025-02-28T06:03:16+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":false,"app":"PHP","method":"GET","url":"/index.php/settings/api/personal/webauthn/registration","message":"Creation of dynamic property OCA\\Extract\\AppInfo\\Application::$appName is deprecated at /var/www/nextcloud/apps/extract/lib/AppInfo/Application.php#35","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"PHP"}}
{"reqId":"Z8FRoyF1TPO1rrGTsgZ1CwAAjQg","level":0,"time":"2025-02-28T06:03:16+00:00","remoteAddr":"xxx.xxx.xxx.xxx","user":"me","app":"settings","method":"GET","url":"/index.php/settings/api/personal/webauthn/registration","message":"Starting WebAuthn registration","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0","version":"31.0.0.18","data":{"app":"settings"}}Additional info
Browser console error:
Starting WebAuthn registration AddDevice.vue:129
[DEBUG] settings: Fetching webauthn registration data
Object { app: "settings", uid: "daniel", level: 0 }
app: "settings"
level: 0
uid: "me"
: Object { … }
index.mjs:45:16
[DEBUG] settings: Start webauthn registration
Object { app: "settings", uid: "me", level: 0 }
app: "settings"
level: 0
uid: "me"
: Object { … }
index.mjs:45:16
[ERROR] settings: Unexpected TypeError "e is undefined"
Object { app: "settings", uid: "me", level: 0, error: TypeError }
app: "settings"
error: TypeError: e is undefined
level: 0
uid: "me"