Forum Discussion

New Contributor

2 months ago

Solved

Webauthn Integration Not Working URL mismatch?

I have built a webauthn integration that works perfectly with native android, google password manager, and bitwarden password manager. However, when I try to use 1Password to save the passkeys I get an error message:

"Unable to save passkey. For security reasons, 1Password did not save this passkey. The associated URL for this passkey does not match the selected app."

I can't find anywhere in the docs how to address this issue. I assume that it is related to the RP ID. I have tried the FQDN as well as the "android:apk-key-hash:" that android returns after a successful verification.

Has anyone run into this before? Is there documentation on how I should be configuring my Attestation payload to be compatible with 1Password?

android

integrations

security

1P_Phil
2 months ago
Hi drductus ,

Ok! It sounds like the team has gotten to the bottom of this.

Likely your issue is that you TLS certificate is missing OCSP information, which is likely because if your CA is Let's Encrypt, they are currently deprecating OCSP support.

You can learn more about it here : https://letsencrypt.org/2024/12/05/ending-ocsp/

Are you using a Let's Encrypt CA?

Thanks,

Phil

7 Replies

drductus
New Contributor
2 months ago
Hey Phil,
Are you attempting to do any sort of validation against any of the files inside /.well-known/ on the domain associated with the RP ID?
Does 1Password require an existing login to be present before it can save the passkey? We log in using an SMS flow, so there wouldn't be an existing login.
I'm just not sure why these attestation options will work for other password managers but not 1Password.
1P_Phil
Moderator
2 months ago
Hi drductus ,

I have not heard of this error before, but am taking a look into it here at 1Password. I hope to have some info later today or tomorrow.

Thanks for reaching out!

Phil
- drductus
  New Contributor
  2 months ago
  1P_Phil have you been able to find anything? My investigations are still hitting dead ends about what is going on. I'm nearly at the point of pulling out wireshark to try to validate all the traffic.
  - 1P_Phil
    Moderator
    2 months ago
    Hi drductus ,
    
    Ok! It sounds like the team has gotten to the bottom of this.
    
    Likely your issue is that you TLS certificate is missing OCSP information, which is likely because if your CA is Let's Encrypt, they are currently deprecating OCSP support.
    
    You can learn more about it here : https://letsencrypt.org/2024/12/05/ending-ocsp/
    
    Are you using a Let's Encrypt CA?
    
    Thanks,
    
    Phil

Forum Discussion

Webauthn Integration Not Working URL mismatch?

7 Replies

Recent Discussions

Console flooded with errors when clicking links during 1Password passkey selection dialog

WSL2 Arm Build

`op account add` with `Integrate with 1Password CLI`

1password doesn't seem to remember the key approval for JetBrains IDEA Ultimate

Use op on headless system with glab?