Apex questions

So this is a bit of a confusing thing as well. Is there actually a way to register a passkey for Discourse? Not a security key?

I ask because so many software solutions and relying parties / web services never really figured out the difference in terminology. Even today, you can find websites that will give you a security key section to register U2F tokens and a passkey section to register a passkey… but there are plenty of websites that just lump it all together under security key… or you can literally register under both passkey and security key because the security key functionality they imported or cloned into their software already supports FIDO2 passwordless authentication, but it’s not a resident key… then as a passkey it is a resident key. The difference between a FIDO2 non-resident key and a passkey/resident key is basically inconsequential to the user… aside from the management possibilities I mentioned in my previous post above.

Basically FIDO and passkeys are just still a big mess when it comes to terminology and the implementation of this terminology and technology.

2 Likes
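As an added illustration of the terminology in the post above (not part of any post in this thread, and not Discourse's code): a relying party's WebAuthn registration options decide whether a credential ends up as a second-factor security key, a FIDO2 non-resident key, or a passkey/resident key. The three labels and the rule that `userVerification: "required"` marks a non-resident key as passwordless-capable are this example's assumptions; the option names come from the WebAuthn specification.

```javascript
// Added illustration. The three labels are this example's own names.
// Field names follow the WebAuthn PublicKeyCredentialCreationOptions dictionary.

// `residentKey` wins; the legacy boolean `requireResidentKey` is the fallback.
function effectiveResidentKey(sel = {}) {
  if (sel.residentKey) return sel.residentKey;
  return sel.requireResidentKey ? "required" : "discouraged";
}

// credPropsRk: boolean from getClientExtensionResults().credProps.rk after
// registration, or undefined when the client did not report it.
function classifyRegistration(creationOptions, credPropsRk) {
  const sel = creationOptions.authenticatorSelection || {};
  const rk = effectiveResidentKey(sel);
  const uv = sel.userVerification || "preferred";
  // Trust what the client reported; otherwise only "required" guarantees it.
  const discoverable =
    credPropsRk === true || (credPropsRk === undefined && rk === "required");
  if (discoverable) return "passkey (resident key)";
  if (uv === "required") return "FIDO2 non-resident, passwordless-capable";
  return "security key (second factor)";
}

// Sign-in with an empty allowCredentials list only works with a resident key:
// nothing tells the authenticator which credential to use.
function signInNeedsResidentKey(requestOptions) {
  return (requestOptions.allowCredentials || []).length === 0;
}

// Constructed option sets, not captured from any real site.
const SAMPLES = {
  secondFactor: { authenticatorSelection: { userVerification: "discouraged" } },
  nonResident: { authenticatorSelection: { residentKey: "discouraged", userVerification: "required" } },
  passkey: { authenticatorSelection: { residentKey: "required", userVerification: "required" } },
  legacyFlag: { authenticatorSelection: { requireResidentKey: true } },
  preferred: { authenticatorSelection: { residentKey: "preferred" } },
};

for (const [name, opts] of Object.entries(SAMPLES)) {
  console.log(name, "->", classifyRegistration(opts));
}
```

With `residentKey: "preferred"` the outcome depends on the authenticator, which is why the second argument (the `credProps` result) overrides the requested value when the client reports it.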

I mean, I haven’t tried it much since I can’t get the Apex to work, but that’s how it seems to me…

I get this error:

But if I go into the 2FA submenu and set it up explicitly as a Security Key, that one works, but isn’t passwordless…

1 Like

It did let me use my phone as a “passkey” though, let me set that back up and make sure it even works how I’m imagining…

1 Like

Yeah so this is where it gets really fun. My hunch is that it is not a problem with Discourse, it’s probably a problem with Google Play services. Google has a vested interest in denying non-Google storage of resident keys… AKA external security keys used as passkey storage. They basically purposely fucked up the FIDO underpinnings on Android on purpose. Things worked great, then they didn’t. Some phones recovered with vendor-specific updates but others have not.

To be fair I’m not really versed on the current status of Android support across the different operating system versions for external passkey devices, but I’ll take a screen recording of my own attempt at registering my Apex as a passkey and we’ll see what @BryanJacobs thinks about it.

5 Likes

Well, I retried using my phone, and Discourse was again happier with the enrollment process:

But, go to use it and Google says:

See? Broken. Shit’s just broken.

2 Likes

But fun to poke around on :classic_tongue:

There is an update to the FIDO2Applet that hasn’t been released officially yet that does fix a compatibility bug.

But I’m able to happily use all these apps when I use MicroG instead of Google Play Services, so… the fault lies with Google Play Services. It’s not the apps’ fault.

3 Likes