Hello all, new OnlyKey user here. After configuring my OnlyKey with the Linux app (set a PIN, passphrase, and a test account in one of the slots), I tried to use my OnlyKey in my browser as a security key in ProtonMail.
I’m using LibreWolf (most recent version). During the setup on ProtonMail’s website, I reach the point where a browser pop-up asks me to plug in my security key and touch it. I expect my OnlyKey to light up blue per the documentation, but it does not. Touching it does not enroll it as a security key after the fact.
Anybody else running into similar issues? As far as I can tell:
OnlyKey is FIDO2 Certified
Proton supports FIDO2 security keys
LibreWolf is based on Firefox, which now supports security keys (otherwise I wouldn’t see the popup)
So I don’t understand why it is not working as simply as the documentation says it will. I also tried https://webauthn.io/ to test the OnlyKey being detected, but get similar results.
Yes, I tested the webauthn test website in plain-jane Firefox and my OnlyKey lit up blue and worked as intended. This leads me to think it is a LibreWolf issue. I tried adjusting some settings in the about:config with no real luck.
I may have to move to hardened Firefox as my daily driver for sensitive activities that involve my OnlyKey, and just use LibreWolf for casual browsing.
Hell, I might end up on Brave again. I haven’t tested OnlyKey on Brave and I do have worries about it’s reliance on Chromium, but maybe things have changed in the past year for it.
Update: was recently able to use fido2 on both Brave and LibreWolf in the past week. A recent update to the browser must have fixed it. In any case, I wanted to let everyone know so that these options are out there!
hey, i’m having the same problem (fido2, linux, librewolf, proton, CTAP2 enabled in about:config and notification comes up in browser for the key check, working fine on other browsers) but updating the browser hasn’t fixed the issue.
…and I worked out my problem- flatpak’s sandboxing.
the solution for flatpak librewolf (or any browser without the permission, i guess) is passing the --device=all option when launching the app. I don’t know enough to say whether security key support is worth the tradeoff of giving the browser access to all devices though.
EDIT: the more granular device permissions (dri, input, kvm, shm) were tested, and none worked.