Nitrokey3 FIDO2 does not work with Forgejo

Tried to use Nitrokey 3C NFC for 2FA at codeberg.org with no success so far (runs Forgejo/Gitea and asks for a device supporting the WebAuthn Authenticator standard).

When I try to register the Nitrokey 3C NFC in the security settings, the key starts blinking and I’m asked to press it, then I get a “Could not read your security key. unknown error”.

My Nitrokey FIDO2 works flawlessly in the same application.

I’m on Firmware version: v1.5.0.

Any suggestion where this might come from?


Hi,

I seem to have the same error, but only on Firefox. Can you try with another browser to see if it works?

We are investigating the error.


Installed chromium and … :trumpet: … the registration worked without any issues. Thanks so much!

The best part is that now that the key is registered with codeberg.org, it also works with Firefox. So, this solves the issue for now … long term it would of course be nice not to have to resort to another browser.

Hey @christian

could you please check if the error also occurs after switching off CTAP2?
You can do this like that:

  • visit about:config
  • find and set security.webauthn.ctap2 == false

Afterwards, please try to register with the services that are not working.
CTAP2 arrived quite late in FF, so there are still some bugs floating around…

best


Hi @daringer ,

went to about:config and switched security.webauthn.ctap2 to false (had been true previously). Then, logged into codeberg.org, went to the security settings, deleted the security key (Nitrokey3), and re-registered it afterwards. Went well (all with Firefox); that is, I can register the security key with Firefox once ctap2 is disabled.

Next, I logged out (keeping the about:config change intact), closed Firefox, started it again, and redid the experiment (just to make sure). Same result: once ctap2 is disabled, registration works. Also, tried a few other ways (again, just to make sure I hadn’t missed something before): deleted security key, logged out and re-registered after a fresh login and more. Same result.

After enabling ctap2 again, I could still use the registered Nitrokey3. But when I delete it, the registration fails (same error as described above).

And, by the way, I’m using FF 115.0.2 (64-Bit).


I had a problem enabling my Nitrokey 3 on this Nitrokey forum and the kuketz forum with Firefox 116 (64bit) on Manjaro Linux. I figured out that it works with Chromium but not with Firefox.

Then I found the suggestion from @daringer :

You can do this like that:

visit about:config
find and set security.webauthn.ctap2 == false

Now it works!