use new firefox api for webauthn(FIDO2) ctap2 instead old U2F (fido1) #1470

New Issue

Closed

opened 2025-11-07 07:07:42 -06:00 by GiteaMirror · 0 comments

GiteaMirror commented 2025-11-07 07:07:42 -06:00

Owner

Copy Link

Originally created by @rdslw on GitHub (Jan 6, 2023).

Currently, if using web access, and usb authenticator, and newest chromium (e.g. 108) you can use yubikeys configured with ONLY FIDO2 protocol. The very same key, with the same configuration (being U2F disabled, while FIDO2 enabled), will no work with firefox (tested 108), because web vault is using only U2F firefox api, hence older.

New firefox do have ctap2 protocol visible under setting security.webauthn.ctap2

Yubikey configuration:

$ ykman info                                                                                                                         ~
Device type: YubiKey 5C NFC
Firmware version: 5.4.3
Form factor: Keychain (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled.

Applications	USB     	NFC     
FIDO2       	Enabled 	Enabled (!)
OTP         	Enabled 	Enabled 	
FIDO U2F    	Disabled	Disabled (!)
OATH        	Enabled 	Enabled 	
YubiHSM Auth	Enabled 	Enabled 	
OpenPGP     	Enabled 	Enabled 	
PIV         	Enabled 	Enabled 

Originally created by @rdslw on GitHub (Jan 6, 2023). Currently, if using web access, and usb authenticator, and newest chromium (e.g. 108) you can use yubikeys configured with ONLY FIDO2 protocol. The very same key, with the same configuration (being U2F disabled, while FIDO2 enabled), will no work with firefox (tested 108), because web vault is using only U2F firefox api, hence older. New firefox do have ctap2 protocol visible under setting _security.webauthn.ctap2_ Yubikey configuration: ``` $ ykman info ~ Device type: YubiKey 5C NFC Firmware version: 5.4.3 Form factor: Keychain (USB-C) Enabled USB interfaces: OTP, FIDO, CCID NFC transport is enabled. Applications USB NFC FIDO2 Enabled Enabled (!) OTP Enabled Enabled FIDO U2F Disabled Disabled (!) OATH Enabled Enabled YubiHSM Auth Enabled Enabled OpenPGP Enabled Enabled PIV Enabled Enabled ```

GiteaMirror closed this issue 2025-11-07 07:07:43 -06:00

GiteaMirror referenced this issue 2026-03-07 19:54:09 -06:00

Performance Issues #4604

GiteaMirror referenced this issue 2026-04-20 13:02:43 -05:00

[GH-ISSUE #1453] Performance Issues #9777

GiteaMirror referenced this issue 2026-04-23 05:28:49 -05:00

[GH-ISSUE #1453] Performance Issues #13754

GiteaMirror referenced this issue 2026-04-25 19:58:26 -05:00

[GH-ISSUE #1453] Performance Issues #17737

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#1470