This is great information to have, thank you. Because the hardware never changes, and the webauthin site never changes only the middlemen as you will change I decided to run a full set of tests. I’ve noticed several things.
- I’ve noticed on chrome at least if a site requires user verification it doesn’t even give you the option to use the OS level NFC scan, only USB or QR Code. Really interesting.
- On Android regardless of browser or tool it seems to never pass on user verified details. Additionally I’m not seeing resident keys being stored or made for any of the android tests even on the ones where user verification is required and the bridge asked for a pin.
- The Android OS will never ask for a pin upon registration only the bridge app asks for the pin.
- The Provider information even when set to direct never populates on Android only on WIndows.
- All the different methods of delivery (Via column) give different result descriptions. Windows sees it as a passkey so I’m able to use it like a passkey. All the tests on android see it as a security key. This mirrors my original issue.
Summary: I’m unable to get FIDO2 reliably working on any browser even when using the bridge on my up-to-date samsung s23 ultra. I’m unsure of other users have run into these issues, but I’d really like to get my phone working with passkeys.
Here’s a chart with the results of each test.
| # | Settings | Pin Verification Requested | OS | Browser | Via | Result Description | Transports | AAGUID | Notes / Errors |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Default | Both | Windows 11 | Firefox | ACR122U | device-bound passkey | [“nfc”] | blank | — |
| 2 | Direct | Both | Windows 11 | Firefox | ACR122U | device-bound passkey | [“nfc”] | correct UID returned | — |
| 3 | Default | No | Android 15 | Chrome | OS | device-bound non-discoverable credential | [“nfc”] | blank | — |
| 4 | Direct | No | Android 15 | Chrome | OS | device-bound non-discoverable credential | [“nfc”] | blank | — |
| 5 | User Verification Required | N/A | Android 15 | Chrome | OS | — | — | — | OS doesn’t offer NFC option when UV is required on Chrome |
| 6 | Direct | On register | Android 15 | Chrome | Bridge | — | — | — | Flow through bridge ended “Success”; site error – “Unknown error talking to Credential Manager” |
| 7 | Default | On register | Android 15 | Chrome | Bridge | — | — | — | Flow through bridge ended “Success”; site error – “Unknown error talking to Credential Manager” |
| 8 | Default | No | Android 15 | Firefox | OS | device-bound non-discoverable credential | [“nfc”] | blank | — |
| 9 | Direct | No | Android 15 | Firefox | OS | device-bound non-discoverable credential | [“nfc”] | blank | — |
| 10 | User Verification Required | No | Android 15 | Firefox | OS | — | — | — | No PIN prompt even when UV required → “User verification required but not verified” |
| 11 | Default | On register only | Android 15 | Firefox | Bridge | device-bound credential of unknown discoverability | [“nfc”,“usb”] | blank | — |
| 12 | Direct + User Verification Required | On register only | Android 15 | Firefox | Bridge | device-bound credential of unknown discoverability | [“nfc”,“usb”] | blank | — |