hyatt.com can not register passkeys using 1Password browser extension

tvandinter
tvandinter
Community Member
in 1Password in the Browser

This came out of https://www.reddit.com/r/1Password/comments/1dwt28u/hyatt1password_passkey_creation_disconnect/ fyi and here's a version of my comment on that post:

The hyatt.com website used to work fine with the 1Password browser extension and passkeys. I was able to register a key, and could use it up through today. However, something has changed and now trying to register a key fails 100% of the time with "We were unable to create a passkey. Please try again."

I spent a bit of time testing, and the problem is specifically between the Hyatt site and the 1Password extension. I tried with 2.25.1 stable and 2.26.0 beta, mostly using Chrome 126.0.6478.127 and also Safari 17.5 on Mac OS 14.5. I also tried Windows 11 w/ similar set up and the same results.

The Hyatt site does some silly things with passkey requests (below), but if I hit the USB icon on the 1PW passkey prompt, I can register and login with every other passkey authenticator I tried (eg Chrome, Google Password Manager, iCloud Keychain, Yubikey, etc). The 1PW extension works on other websites I tried, but not Hyatt.

Interestingly, the Hyatt website has 2 options for creating passkeys. "Create Passkey" which shows device-only authenticators, and "Use a different device to create a passkey" which shows non-device-only authenticators. This is setting authenticatorAttachment:"platform" vs "cross-platform" in the creation request. I have no idea why they do this, versus not specifying the option which lets the user choose any authenticator that's available which is what most sites do. 🤷‍♂️ Just to be clear, in testing with webauthn.io the 1PW extension works fine for any setting.

1Password Version: 8.10.34
Extension Version: 2.25.1
OS Version: macOS 14.5 and Windows 11
Browser: Chrome and Safari

Comments

  • EvonG1P
    EvonG1P

    Hello, @tvandinter. Thank you for writing in, and I appreciate the time you took to troubleshoot the issue.

    I've tested Hyatt's website on my end and have been able to recreate the same problem. I've reported this issue to our development team for further investigation.

    To confirm, were you previously able to use the Hyatt passkey with 1Password in the browser using version 2.25.1? Which was last updated on June 20, 2024.

    I look forward to your reply.

    -Evon

    ref: dev/core/core#31030

  • jj2138
    jj2138
    Community Member

    I have the same problem, and am adding this comment so maybe I will be notified (somehow?) when this conversation gets updated. I'm not exactly sure how this support site works...

  • EvonG1P
    EvonG1P

    Hello, @jj2138. Thanks for writing in.

    I've added your report to the work item open internally. Please keep an eye on our release notes for when the issue is resolved:

    I apologize for the inconvenience. Let me know if you have any questions.

    -Evon

  • tvandinter
    tvandinter
    Community Member

    Hi @EvonG1P

    The history is that I was able to use 1Password to register a passkey on the Hyatt site in the past. Looking at the login history via 1password.com, I initially registered a passkey on June 9 2023 then for some reason I registered a new one on Feb 22 2024. I have no idea what version of 1Password (or anything else) I was using at those times.

    Fast forward to July 6 2024. I was able to use the already registered passkey from Feb 22 to log into the Hyatt site using 2.25.1. Removing that passkey and then trying to register a new one fails with both 2.25.1 and 2.26.0.

    Hope this helps. Cheers.

  • EvonG1P
    EvonG1P

    @tvandinter,

    Thank you for the additional information; it's helpful! I've reached out to our development team, and it appears to be a Hyatt server-side issue. However, we are working towards a fix for this on our end.

    I hope that helps. Let me know if you have any further questions. 🙂

    -Evon

  • tvandinter
    tvandinter
    Community Member

    Just to add another bit of info, I was just able to use my Android phone, and Chrome with the #web-authentication-android-credential-management flag enabled, to create a passkey on the Hyatt site using 1Password. Verified logging in works fine on both Android and via regular browser extension.

    Android 14 w/ July 2024 update (build AP2A.240705.004)
    Chrome 126.0.6478.122
    1Password 8.10.36

  • EvonG1P
    EvonG1P

    Thank you, @tvandinter.

    I'm glad to hear it's now working as expected after creating the passkey on the 1Password Android app. I've done some testing on my end, and I was also able to successfully create a passkey using the Nightly version of 1Password in the browser.

    Let me know if there's anything else I can help you with.

    -Evon