Broken FIDO2 authentication

FIDO2 authentication on the forum does not work

1 Like

Happening on https:// or .onion version of this forums?

Not sure I’ll be able to fix this. Seems quite complex to debug and upstream isn’t providing much support yet.

It is happening on https://

1 Like

This might require discourse’s force_https setting but if I enable this, it could break this forums’s .onion. With some server config changes, I managed to enable force_https and yet not break this forums’s .onion. I hope it does not have any bad site effects discovered later. Does this help?

What you could also try is making an account at https://meta.discourse.org and see if you can reproduce the issue there too. That would actually be good if the bug happens there too because then it’s unspecific to Whonix forums and maybe a bug that upstream could fix more easily.


(Severing discourse on two different domain names, let alone https + onion is already unsupported by upstream. And this was difficult to achieve. → Can I have two domains pointing towards the same IP address without redirect? - support - Discourse Meta)

Yes, FIDO2 auth works now :slight_smile:

1 Like

Excellent!

I mean you could do that. Or you could force a weaker method (TOTP) as a fallback. Neither of which is ideal though.

1 Like