ich habe seit einigen Tagen den neuen FIDO2-Stick. Nachdem ich schon mit dem SOLO-FIDO2 einige Erfahrungen gesammelt habe, bin ich etwas erstaunt, dass ich den Nitrokey-FIDO2 nur in den USB-Slot stecken muss, und nicht etwa wie beim SOLO-Key zusätzlich einen Button drücken muss. Wenn der Nitrokey schon im Slot steckt, blinkt zwar die LED, aber kein drücken/streicheln/berühren nützt, er muss raus und wieder rein. Ist das so korrekt? OS ist Win10, Testobjekt Google-Account.
We have decided to interpret the event of device insertion as an equivalent of the user presence (UP) confirmation, which makes it easier to use. This means the device accepts without touching the button any (single) request in the first 2 seconds of its insertion. This is a difference to Solokey.
About the second case, when the device is inserted already: it is supposed to wait for the touch button. In some cases under Windows 10 and Chrome browser the requests are doubled, which means the device would require 2 touches to confirm, since the first reply is discarded by the OS. At the current implementation each touch confirms only one request (a difference to Solokey, which confirms all incoming requests while the touch is pressed). If this is the case, please try to make two distinct touches, by releasing the touch and pressing again.
The FIDO2 proxy implementation on the Windows 10 side is still evolving. However if this will not change in the near time, we will have to implement some workaround for the sake of the convenience.
I will try to reproduce this after holidays, and add proper fixes.
Thank you for the details. Please let me know, whether the second press was working for you.
Please feel free to remind yourself, if I would take too long to reply after the holidays.
Google was a bit specific in the past (e.g. did only allow registration of keys via Chrome). Did you already tried other platforms? Did you try Chrome? Maybe this is (again) bound to Google specific handling of FIDO devices.
I have the same issue using a FIDO2 Nitrokey as U2F token on Firefox 73 / Linux.
The key is recognized when plugging it into the USB port during the authentication process.
But if the nitrokey is already plugged in, the login page waits for a keypress and no kind of touch / press on the nitrokey seems to help.
Tried with two different FIDO2 nitrokeys on USB2.0 and USB3.0 ports (directly connected and via hub).
The website is a nextcloud instance with twofactor_u2f authentication app.
did you check all the Fido2 keys you did send out as replacements? Mine I got here as replacement for the non-functional button on the first one, is too broken for this functionality. So I got in summary from 3 keys one which is working correctly. Sorry to say but I give up. Will use the defect key for all devices I have to plugin so I do not run in this problem (fortunately you check the USB plugin event).
