Man
July 8, 2025, 9:59pm
1
Hi,
When I try to add a passkey to this site, support.nitrokey.com , I am getting the following error.
The passkey registration process either timed out, was cancelled or is not allowed.
I have nitrokey 3.
Also I am able to register a software passkey via bitwarden and it seems to work fine.
Tested it on firefox and ungoogled chromium on Linux.
Hello,
unfortunately I’m not sure if this feature is working on the forum.
agr
February 25, 2026, 1:22pm
3
I think it the nitrokey (at least mine) does not work with the discourse forum software passkey support, which is a shame. Could someone from nitrokey try to fix it it with the discourse people? This makes for a bad impression, not being able to use the key in the forums. “Eat your own dog food” issue
agr
March 7, 2026, 11:51am
4
Ok, i got it fixed upstreams. The fixed registration and authentication and took it only on meta.discourse.com
main ← fix-hardware-passkeys
opened 10:41PM - 04 Mar 26 UTC
**Currently, passkey registration has two bugs:**
1. Registration fails with … an HTTP 500 for authenticators that include extension data (i.e. `hmac-secret` in their attestation response) because we slice all bytes after the credential ID the public key.
2. Registration fails with `NotAllowedError` on some hardware keys (i.e. Solo 2) because `pubKeyCredParams` includes invalid HMAC symmetric algorithms from the `COSE` gem, which strict authenticator firmware rejects.
**This fix:**
1. Uses `CBOR::Unpacker` streaming decode to read exactly one `CBOR` object from the byte stream, stopping before any trailing extension data. Also adds `COSE::MalformedKeyError` to the rescue block so future failures return a proper error response.
2. Replaces the blanket `COSE::Algorithm.registered_algorithm_ids` with an explicit list of asymmetric signature algorithms valid for `WebAuthn`.
Meta bug report: https://meta.discourse.org/t/cant-set-up-passkey-on-any-discourse/397642/
is there any way to tag somebody who can update the forum?
