ERROR Error during passkey creation {"error": "Native error", "message": "androidx.credentials.exceptions.domerrors.SecurityError@7337b1"}. #6
Comments
|
@vikasvk3510 unsure why this is happening at first glance, but "SecurityError" hints at some kind of policy being violated. Maybe because the RPID isn't compatible with the domain? You need to host a |
|
I am using my domain but it's not working. Is there any other
implementation for android because it's showing the same error .
…On Fri, 25 Oct 2024 at 21:01, Arnaud ***@***.***> wrote:
@vikasvk3510 <https://github.com/vikasvk3510> unsure why this is
happening at first glance, but "SecurityError" hints at some kind of policy
being violated. Maybe because the RPID isn't compatible with the domain?
You need to host a /.well-known/assetlinks.json at the root of your
domain for passkey creation to work correctly.
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WWXYZLIKIXVGOBRLWTZ5JP6NAVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMZYGEZTCOJTHA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
If you're comfortable doing so, can you share your domain and a link to your repo? Unfortunately my experience with native passkey implementation is that it's quite finicky and hard to debug. Just to name a few things I ran into: the app being signed with the wrong debug cert, app run in a context which doesn't allow passkeys, app domain and RPID mismatch because of typos or subdomains, wrong Enabling device-side debug logs might help. As-is it's difficult for me to really dig in without more information. |
|
Please check this code i am using while create pass key
const authenticatorParams = await createPasskey(
{
authenticatorName: "End-User Passkey",
rp: {
id: 'abstraxn.com', // Ensure this is your ngrok or valid HTTPS domain
name: "abstraxn",
},
user: {
id: userId,
name: `Key @ ${humanReadableDateTime}`,
displayName: `Key @ ${humanReadableDateTime}`,
},
authenticatorSelection: {
residentKey: "preferred", // or "preferred"
userVerification: "discouraged", // or "discouraged"
},
}
);
and here the backend domain setup you can check in the URL
https://yurl.chayev.com/android-results?url=abstraxn.com&prefix=&bundle=
…On Tue, 29 Oct 2024 at 21:13, Arnaud ***@***.***> wrote:
If you're comfortable doing so, can you share your domain and a link to
your repo? Unfortunately my experience with native passkey implementation
is that it's quite finicky and hard to debug. Just to name a few things I
ran into: the app being signed with the wrong debug cert, app run in a
context which doesn't allow passkeys, app domain and RPID mismatch because
of typos or subdomains, wrong Content-Type headers on files hosted at
/.well-known/..., hosted files being cached by Apple/Google's
infrastructure.
Enabling device-side debug logs might help. As-is it's difficult for me to
really dig in without more information.
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WQGE3BHH7GCYMP5FBTZ56UKTAVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBUGY2TQOBTHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@vikasvk3510 shot in the dark: could it be the same issue than what I've encountered in f-23/react-native-passkey#29 (comment)? What is the value of |
|
userID = MTczMDY5MzMwMTU0OA==
…On Wed, 30 Oct 2024 at 20:03, Arnaud ***@***.***> wrote:
@vikasvk3510 <https://github.com/vikasvk3510> shot in the dark: could it
be the same issue than what I've encountered in f-23/react-native-passkey#29
(comment)
<f-23/react-native-passkey#29 (comment)>?
What is the value of userId in your code? Android requires that it's a
valid base64-encoded string.
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WUQV7RYOBPHI4WWBY3Z6DU4DAVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINBXGM2TOMRVHE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Ok cool. So that's not it then. Looks like perfectly valid base64 to me! |
|
still i am getting same error please provide solution check this code
import React, { useEffect, useState } from 'react';
import { View, Text, TextInput, TouchableOpacity, SafeAreaView, StatusBar }
from 'react-native';
import { Colors } from '../../../../AppTheme/colors';
import { staticValues } from '../../../../Constants/staticData';
import { showErrorMessageBar } from '../../../../Helpers/snackBar';
import {
PasskeyStamper,
createPasskey,
isSupported,
} from ***@***.***/react-native-passkey-stamper";
import { ApiKeyStamper } from ***@***.***/api-key-stamper";
import { TurnkeyClient } from ***@***.***/http";
import { Buffer } from "buffer";
import { navigationRoutes } from '../../../../Constants/navigation';
import { styles } from './signUpStyle';
import { log } from 'console';
import { SagaActions } from '../../../../Redux/sagaActions';
import { useDispatch } from 'react-redux';
import { showMessage } from 'react-native-flash-message';
import { actuatedNormalize } from '../../../../Helpers/responsiveScreen';
import { Fonts } from '../../../../AppTheme/fonts';
interface SignInProps {
navigation: any;
}
const Signup: React.FC<SignInProps> = ({ navigation }) => {
const dispatch = useDispatch()
const RPID = "abstraxn.com";
const [username, setUsername] = useState<string>('');
const [debounceTimeout, setDebounceTimeout] = useState<any>(null);
const [ShowMessage, setShowMessage] = useState<string>('');
const [isVisible, setIsVisible] = useState<boolean>(true);
useEffect(() => {
if (ShowMessage) {
setIsVisible(true); // Show message when set
const timer = setTimeout(() => {
setIsVisible(false);
setShowMessage(''); // Clear the message after hiding it
}, 3000);
return () => clearTimeout(timer); // Clear timeout if component unmounts
}
}, [ShowMessage]);
////////////////////CREATE PASS KEY/////////////////////////////
async function onPasskeyCreate() {
if (!isSupported()) {
alert("Passkeys are not supported on this device");
return;
}
try {
const now = new Date();
const humanReadableDateTime = `${now.getFullYear()}-${now.getMonth() + 1}-${
now.getDate()} @ ${now.getHours()}h${now.getMinutes()}min`;
console.log("Creating passkey with datetime: ", humanReadableDateTime);
// const userId = Buffer.from(String(Date.now())).toString("base64");
const userId = Buffer.from(String(Date.now())).toString("base64");
console.log('use ID===>', userId);
const authenticatorParams = await createPasskey(
{
authenticatorName: "End-User Passkey",
rp: {
id: 'abstraxn.com', // Ensure this is your ngrok or valid HTTPS domain
name: "Abstraxn SW",
},
// challenge: userId,
user: {
id: userId,
name: `sandeep`,
displayName: `sandeep`,
},
authenticatorSelection: {
residentKey: "preferred", // Allow both stored and non-stored keys
userVerification: "preferred",
},
attestation: 'direct'
}
);
console.log("Passkey registration succeeded: ", authenticatorParams);
const response = await createSubOrganization(authenticatorParams);
console.log("Created sub-org", response);
alert(`Sub-org created! Your ID: ${response.activity.result.
createSubOrganizationResultV4?.subOrganizationId}`);
} catch (e) {
console.error("Error during passkey creation", e);
alert(`Error during passkey creation: ${e}`);
}
}
////////////////////CREATE SUB ORGINISATION/////////////////////
async function createSubOrganization(
authenticatorParams: Awaited<ReturnType<typeof createPasskey>>,
) {
const stamper = new ApiKeyStamper({
apiPublicKey: 'dummyPublicKey_1234567890',
apiPrivateKey: "dummyPrivateKey_0987654321",
});
const client = new TurnkeyClient(
{ baseUrl: "https://api.turnkey.com" },
stamper,
);
const data = await client.createSubOrganization({
type: "ACTIVITY_TYPE_CREATE_SUB_ORGANIZATION_V4",
timestampMs: String(Date.now()),
organizationId: "dummyOrganizationId_001",
parameters: {
subOrganizationName: `Sub-organization at ${String(Date.now())}`,
rootQuorumThreshold: 1,
rootUsers: [
{
userName: "Root User",
apiKeys: [],
authenticators: [authenticatorParams],
// oauthProviders: []
},
],
},
});
return data;
}
////////////////////HANDLE ACCOUNT CREATE//////////////////////
const handleUsernameChange = (text: string) => {
setUsername(text);
if (debounceTimeout) clearTimeout(debounceTimeout);
const newTimeout = setTimeout(() => {
checkUser(text);
}, 500); // Adjust delay as needed
setDebounceTimeout(newTimeout);
};
/////////////////////////////////////////////////////////////
const checkUser = (name: string) => {
const trimmedUsername = name.trim();
if (trimmedUsername.length === 0) return;
if (trimmedUsername.length < 4) {
showErrorMessageBar('Username must be at least 4 characters long.');
return;
}
dispatch({
type: SagaActions.CHECK_USER_NAME,
payload: {
username: username,
CheckUserName: async (data: any) => {
console.log('Checking username:', data.message);
setShowMessage(data.message)
},
CheckUserNameError: async (err: any | null) => {
console.error('Error:', err);
},
},
});
};
return (
<SafeAreaView style={styles.container}>
<StatusBar backgroundColor="#000" barStyle={'light-content'} />
<View style={styles.innerContainer}>
<Text style={styles.title}>{staticValues.CREATE_YOUR}</Text>
<Text style={styles.title}>{staticValues.ABSTRAXN_ACCOUNT}</Text>
<Text style={styles.usernameLabel}>{staticValues.DIAPLAYNAME}</Text>
<TextInput
style={styles.input}
placeholder="Enter Unique username"
placeholderTextColor={Colors.fadeText}
value={username}
onChangeText={handleUsernameChange}
/>
{isVisible && ShowMessage && (
<Text style={{ color: Colors.green, fontSize: actuatedNormalize(14),
fontFamily: Fonts.nunitoMedium }}>
{ShowMessage}
</Text>
)}
<Text style={styles.termsText}>
{staticValues.BY_CONTIUING}
</Text>
<TouchableOpacity style={styles.button}
// onPress={handleCreateAccount}
onPress={onPasskeyCreate}
// onPress={()=>navigation.navigate(navigationRoutes.CreatingYourAccount)}
<Text style={styles.buttonText}>
{staticValues.CREATE_ACC_WITH_PASS_KEY}
</Text>
</TouchableOpacity>
<TouchableOpacity style={styles.loginButton} onPress={() => navigation.
navigate(navigationRoutes.LoginScreen)}>
<Text style={styles.loginText}>{staticValues.OR_LOGIN}</Text>
</TouchableOpacity>
<View style={styles.passkeyInfoContainer}>
<TouchableOpacity onPress={() => navigation.navigate(navigationRoutes.
LoginScreen)}>
<Text style={styles.passkeyHeaderText}>{staticValues.SIGNIN_WITH_PASSKEY}</
Text>
</TouchableOpacity>
<Text style={styles.passkeyDescriptionText}>
{staticValues.ACCOUNT_SECURED}
</Text>
<TouchableOpacity onPress={()=>navigation.navigate(navigationRoutes.
CreatingYourAccount)} style={styles.learnMoreButton}>
<Text style={styles.learnMoreText}>{staticValues.LEARN_MORE}</Text>
</TouchableOpacity>
</View>
</View>
</SafeAreaView>
);
};
export default Signup;
…On Mon, 4 Nov 2024 at 19:28, Arnaud ***@***.***> wrote:
Ok cool. So that's not it then. Looks like perfectly valid base64 to me!
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WS7URIEK6VPWREPIK3Z65VP7AVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINJUG44DOOJXGA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Two things jump out from a quick glance
The rest of your code looks good to me; I bet the issue, if not related to createPasskey params somehow, is going to be related to the setup you're testing with: are you testing locally with a signed APK? Deploying into a test device? I've run into many issues testing on Android emulators in particular so I'd recommend actually building the signed APK, and install it on a dev-enabled device to remove any weirdness. |
|
@arnaud
The issue of {"error": "Native error", "message":
***@***.***"}. is
fixed now.
i have one more query, can i get
- *pubkeyCoordinates*:
- *x*:
31005773206663085753684380148931998560740634215326662319848685921121577989794n
- *y*:
70229823330641956967611575365090670905398894363447669265276882832340636259335n.
in my response in React Native App
because this *pubkeyCoordinates * response is showing in web , i want that
same same response in React Native mobile app
…On Tue, 5 Nov 2024 at 20:59, Arnaud ***@***.***> wrote:
Two things jump out from a quick glance
- authenticatorSelection for createPasskey doesn't require resident
keys. Most likely this is fine, but it'd be interesting to try creating a
passkey with the exact same configuration than what is here
<https://github.com/tkhq/passkeyapp/blob/e0540c2aa213fb4cf9bb723edb2f0504e636f380/Home.tsx#L81-L85>
to eliminate this variable
- attestation: "direct" is passed in; let's try without it? Again I
don't see a problem with that in principle, but anything you can do to
remove differences will help isolate the problem
The rest of your code looks good to me; I bet the issue, if not related to
createPasskey params somehow, is going to be related to the setup you're
testing with: are you testing locally with a signed APK? Deploying into a
test device? I've run into many issues testing on Android emulators in
particular so I'd recommend actually building the signed APK, and install
it on a dev-enabled device to remove any weirdness.
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WR7TJHVWLOJVIM5LPTZ7DP55AVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINJXGQ3TQMJWG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
@vikasvk3510 great news! Mind sharing what was the problem and how you got around it? Re: public key coordinates: can you be more specific about where you see this "showing in web"? Are you referring to Turnkey API responses? Or a demo app? Also: which key do you want to display pubkey coordinates for? |
|
MOBILE OBJECT
--------------------------------------------------------
createPasskey({
authenticatorName: "End-UserPasskey",
rp: {
id: "abstraxn.com", // Ensure this is your valid domain
name: "com.abstraxn",
},
user: {
id: userId,
name: `User_${now.getTime()}`,
displayName: `User_${now.getTime()}`,
},
authenticatorSelection: {
residentKey: "preferred", // Allow both stored and non-stored keys
userVerification: "preferred",
},
publicKey: {
pubKeyCredParams: [
{ alg: -7, type: "public-key" }, // ES256 (Webauthn's default algorithm)
{ alg: -257, type: "public-key" }, // RS256 (for older Windows Hello and
others)
]
}
});
…-----------------------------------------------------------WEB OBJECT
--------------------------------------------------------
{
publicKey: {
pubKeyCredParams: [
{ alg: -7, type: "public-key" }, // ES256 (Webauthn's default algorithm)
{ alg: -257, type: "public-key" }, // RS256 (for older Windows Hello and
others)
],
challenge: crypto.getRandomValues(new Uint8Array(32)),
rp: {
name: 'Abstraxn SmartAccount',
},
user: {
displayName: username,
id: crypto.getRandomValues(new Uint8Array(32)),
name: username,
},
timeout: 60_000,
authenticatorSelection: {
userVerification: 'preferred',
residentKey: 'preferred',
},
attestation: 'direct'
}
PubKeyCredParams is return x and y fingerprint coordinates in web
example( *pubkeyCoordinates
Response *
- *x*:
31005773206663085753684380148931998560740634215326662319848685921121577989794n
- *y*:
70229823330641956967611575365090670905398894363447669265276882832340636259335n
) i want that same response in mobile app
On Fri, 8 Nov 2024 at 21:23, Arnaud ***@***.***> wrote:
@vikasvk3510 <https://github.com/vikasvk3510> great news! Mind sharing
what was the problem and how you got around it?
Re: public key coordinates: can you be more specific about where you see
this "showing in web"? Are you referring to Turnkey API responses? Or a
demo app? Also: which key do you want to display pubkey coordinates for?
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WUTUQJWYEVYSBQO2SLZ7TNBHAVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRVGA4TSMRWG4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Interesting, thanks for sharing! The only difference between this and what you had before seems to be the removal of "attestation: direct" from the config passed to |
|
Arnaud.
i am getting stuck on IOS while opening passkey in ios
Error creating passkey: {"error": "RequestFailed", "message": "The request
failed. No Credentials were returned."}
…On Mon, 11 Nov 2024 at 20:19, Arnaud ***@***.***> wrote:
Interesting, thanks for sharing! The only difference between this and what
you had before seems to be the removal of "attestation: direct" from the
config passed to createPasskey? Anything else besides that? (any changes
in your HTTP server or device/test setup which wouldn't be captured by an
app code change?)
—
Reply to this email directly, view it on GitHub
<#6 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/BAOH5WT6QKEUHY6QK2RPET32AC7X5AVCNFSM6AAAAABQSSG34KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDINRYGM2TQMBYGE>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
It's going to be difficult for me to help without further details. By "opening" passkeys you mean during authentication? Or registration? It'd be helpful to know how you're testing exactly because it will affect what you can and can't do on iOS. One thing that's iOS specific is the provisioning profile and app signing process: without that in place I don't think passkeys will work. Another thing to check is the app entitlements. Unfortunately these are "off the cuff" recommendations, I'm not sure they'll fix the issue you're seeing (they're just things that have bitten me before) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
ERROR Error during passkey creation {"error": "Native error", "message": "androidx.credentials.exceptions.domerrors.SecurityError@7337b1"}. WHY THIS HAPPENS
The text was updated successfully, but these errors were encountered: