-
Notifications
You must be signed in to change notification settings - Fork 972
Support U2F Keys #518
Comments
This might be an issue with electron - electron/electron#3226 |
When I try to login on Google, it asks me to install this extension: https://chrome.google.com/webstore/detail/gnubbyd/beknehfpfkghjoafdifaflglpjkojoco But there's no install button. |
Yes, totally seeing the same issue still. Same notice as my first message posting. Sorry for the delay in responding I didn't get the notice properly. |
Pretty big blocker for me to be able to switch over fully. Would it be a matter of just baking in that extension? Or are there API's its going to need? Based on that electron issue linked it looks like there might be some missing API's? |
It's been a long time since I used a Yubikey, but I thought they acted as a keyboard and just typed in the box? I can take a look at the Chrome extension and see if we support the APIs it requires |
@bridiver from my understanding yes that's essentially what's happening. I think it does do some checks in the USB HID tree polling for descriptors. |
we do want to get this working and I'm looking at the extension, but it's odd because the whole thing seems antithetical to the concept behind yubikeys. They act like a keyboard to avoid the need for any special hardware support. I think I might still have an old one lying around somewhere that I can test with. |
There is a new standard on the block called U2F, and yubikeys can now do Look into it, it's pretty neat: On Jul 12, 2016 16:52, "Aaron Ogle" [email protected] wrote:
|
@bridiver yeah the yubikey that completely acts just like a HID device works no problem. Its the ones now based on the U2F standard that does a little more then the just pretend to be an HID device. This is the standard that sites like Github / Google etc have embraced and now offer as a 2 factor authentication method. |
sounds like my old yubikey will not be helpful then. We don't support all of the chrome extensions apis yet, but if I can get it working with minimal effort we can push it out pretty quickly. If it requires more work we'll have to prioritize and schedule it. |
There is discussion about adding Chromium's U2F support to Electron at electron/electron#3226. |
I can see the following paths forward
|
at least in theory the only thing you would have to implement to use the extension is |
If I read the docs correctly, cryptotokenPrivate is just for the UI to get explicit user permission to register a token with a website. That had to be native in Chromium because it had to show a native toolbar. But all of Brave's UI is JS on top of Electron, right? So it should be fairly easy to implement that and then pull in the rest of the necessary stuff from Chrome? |
I didn't look at it closely, but that sounds reasonable. You will definitely have to pull in additional dependencies in libchromiumcontent because we don't current have the hid support enabled in |
OK I'll look into that next time I get some spare hacking time. |
How do I pull my changes to libchromiumcontent to electron and Brave? |
Somebody else can probably answer this better than me, but if you put browser-laptop, brave-electron, and brave-libchromium content in sibling directories, brave-electron has scripts to help with this. Given that electron and libchromium are in sibling directories, |
(extra detail) By sibling directories I mean brave/browser-laptop, brave/electron, and brave/libchromiumcontent all share the same parent directory:
All the npm scripts I mentioned are in brave/electron:
|
there are several recent PRs with examples of pulling in new deps the scripts @willy-b referenced will work for the electron build after updating |
+1 from myself |
Blocks me from switching from Chrome. Bit of a shame since Brave is so incredibly enticing otherwise! |
No luck here either with the v0.21.9 beta. Still getting an error message that something went wrong when trying to use my yubikey with google... Did the old version of Brave need to be uninstalled? I didn't try that. |
@cannedshrimp what OS are you trying with? |
Running MarCOs High Sierra v10.13.3 |
Same here. I’d be happy to help and debug this further (when given the instructions) |
It looks like there is a Mac specific issue, I was able to confirm it as working on Windows and Linux but Mac also did not work for me. Thanks for your help testing, I will investigate more. |
I tried it on Windows 10, with the version linked above and it didn't work with the Yubico test page: https://demo.yubico.com/start/u2f/neo?tab=register. Just to add on the discussion, I once had trouble with Google and Firefox and read somewhere that Google implements the U2F part slightly different from the standard and that's what broke Firefox. |
@lamaral Interesting, that test site also doesn't work for me. However https://demo.yubico.com/u2f does |
@evq This site works for me. |
Any updates on this? Mine setup does not work (confirmation does not appear on device) Ubuntu Desktop 16.04 LTS It does work with the same setup and chrome |
Hey @bijeebuss. U2F support was moved back to our current beta channel release, P.S. As an update to others, the mac specific issue mentioned above was resolved in #13345, so as of beta version Thanks all! |
I can confirm U2F working on Google with the new Beta release on Mac High Sierra! Also worked on https://demo.yubico.com/u2f Nice job! |
Verified on Windows x64
Verified on macOS 10.12.6 x64 using the following build:
Verified on
Also checked the following websites using
|
I couldn't get Github or YubiKey Demo to work. OS Details
Browser Details
Newly formatted computer so it's mostly a default setup. |
I really need this, the only thing stopping me from using brave full time. |
@krmbzds @kylerchin we have an issue capturing the problem and discussing a fix here: |
Test plan
See #12507
Original issue description
I use a U2F key (YubiKey Neo) for Two factor authentication in locations such as here on github and with Google accounts (as well as Lastpass extension).
While the key works great in Chrome, it's not currently supported in Brave. This is a significant blocker for me. I'd love to see this functionality implemented. See the error I get when trying log into my github account with Brave (at the point where the security key is requested).
The text was updated successfully, but these errors were encountered: