February 10Feb 10 Environment: Enpass browser extension on Firefox, Linux (Arch) Issue: Passkey registration immediately fails with NotAllowedError on sites that set authenticatorSelection.userVerification to "discouraged" in their WebAuthn navigator.credentials.create() call. The Enpass passkey prompt never appears. Affected site: npmjs.com (2FA setup) Steps to reproduce: 1. Go to npmjs.com → Account Settings → Enable 2FA 2. Enpass prompt never appears, site shows "Device registration failed" 3. Browser console shows: NotAllowedError: The request is not allowed by the user agent or the platform in the current context Root cause: npmjs.com passes userVerification: "discouraged" and residentKey: "discouraged" in the WebAuthn options. This is a valid WebAuthn configuration, but Enpass immediately rejects it. Proof: Patching the options to "preferred" before the call reaches Enpass makes it work: const origCreate = navigator.credentials.create.bind(navigator.credentials); navigator.credentials.create = function(opts) { opts.publicKey.authenticatorSelection.userVerification = "preferred"; opts.publicKey.authenticatorSelection.residentKey = "preferred"; return origCreate(opts); }; After this patch, Enpass opens normally and registration succeeds. Comparison: Sites like webauthn.io that use userVerification: "preferred" work fine with Enpass. Confirmed not Firefox: A clean Firefox profile with no extensions shows Firefox's native WebAuthn dialog on npmjs.com without issues.
Create an account or sign in to comment