mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-17 07:04:36 -05:00
[GH-ISSUE #2027] Pangolin v1.12.3 - Can't authenticate with YubiKey #19142
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @c360e5f1 on GitHub (Dec 9, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/2027
Originally assigned to: @miloschwartz, @water-sucks on GitHub.
Describe the Bug
I have a YubiKey Security Key NFC with firmware 5.2.6, which supports FIDO2 authentication. When registering a security key, I'm able to save it to my Google Password Manager and this works fine, I can log in using the security key credentials from Google Password Manager, but this isn't ideal because it's not offline
When I try to register my YubiKey, the registration is successful. I made sure to select the correct external USB YubiKey, entered my PIN, and pressed the gold disc. The key was then saved and listed in my security key dialog box. However, when I try to login with this registered YubiKey, even making sure I have the correct one selected, entering my PIN, and pressing the gold disc; I get a "This key doesn't look familiar" error and I can't login.
In all cases, password authentication still works.
Any ideas on where to look, what relevant log files to dig though?
Environment
To Reproduce
Expected Behavior
@oschwartz10612 commented on GitHub (Dec 10, 2025):
Could you do this again but watch the logs in Pangolin container? You could also turn on debug logs in the
config/config.ymlfile under the app section setlog_level: debugand restart the container and post the logs.Also curious about browser logs. That looks like a windows dialog so I would like to see if the website get anything when you open dev tools.
Thanks!
@thutex commented on GitHub (Dec 13, 2025):
trying to replicate OP's issue, i have added a secondary yubikey, and have no issues with that one either.
my first key was added on 1.12.2, and now for the second one, i added it on 1.13.0
both keys work just fine.
used yubikeys are the 5 NFC ones.
account used to attach them to is the admin account.
@c360e5f1 commented on GitHub (Dec 13, 2025):
Thanks for confirming that it works. Something must be broken in my implementation. I turned on debug logging and when I attempt to authenticate with the YubiKey this is the only line I see:
pangolin | Making security key start request to: http://localhost:3000/api/v1/auth/security-key/authenticate/startI don't see any errors in the log output, no more relevant lines, and I also don't see any errors in the dev tools on Chrome when i'm making that authentication request.
I'll try to delete the container and re-pull another image tonight and see if that helps.
edit:
upgraded to 1.13.0 by running
docker compose pulland then relaunched the container withdocker compose up -d, and still can't log in with YubiKey. Also of note, not sure if it matters for a YubiKey but my VPS' time is set to UTC and in my compose.yml I have TZ=America/Chicago in my environment for my local time zone.@c360e5f1 commented on GitHub (Dec 13, 2025):
I have performed additional testing and was able to reproduce this error when registering the YubiKey in my Chrome console:
@thutex commented on GitHub (Dec 13, 2025):
given the error you get, it does look like there needs to be a change in 2 files:
8eb3f6aacc/src/components/SecurityKeyForm.tsx (L189)8eb3f6aacc/src/components/SecurityKeyForm.tsx (L360)strange that i don't seem to get the same message in the console though (tested with ms edge 142.0.3595.65 and firefox 144.0.2 on linux)
@c360e5f1 commented on GitHub (Dec 13, 2025):
I just did some more testing this morning and tried the following browsers on Windows 10 22H2 19045.6466:
In all cases, I can register a YubiKey with the error message in the console in https://github.com/fosrl/pangolin/issues/2027#issuecomment-3648795593 but when I attempt to log in with the same YubiKey, I get the error that this security key doesn't look familiar.
@gogaman7 commented on GitHub (Jan 9, 2026):
i have pangolin v1.14.1 on server.
i.e. no issues with v1.14.1 pangolin server.
@oschwartz10612 commented on GitHub (Mar 26, 2026):
Verified working on 1.16. Please reopen if still an issue