Non working Google U2F authentication on macos app

[sboulkour]

Hi !

I'm having an issue with confidante on macos.

My Google account uses a hardware second factor to authenticate (FIDO U2F) which works with well Google Chrome, work sometimes with Firefox, and doesn't work at all with Safari. The issue I'm facing is that the webview opened to authenticate on my Google Account is based on Safari, and I can't use my default browser instead. This means confidante can't be used with a secured Google Account :/

[eric-zeng]

Hi, just to confirm, are you using the desktop app on MacOS?

What does the authentication flow look like with U2F? For my non U2F flow, after I log in it redirects the internal Electron browser to the Google OAuth page. Does U2F cause something to open in another window, or in an actual browser?

[sboulkour]

@eric-zeng yes, I'm using the desktop app.
Let's forget what I said about browsers, I believe I added some noise with wrong assumptions ...

The flow is as follow :

• Login in the app to Keybase
• The app shows me the Google Login Screen
• I login to Google (with login and password)
• Then the Google form asks for my U2F token and a popup (still within the app) tells me that U2F only works on Google Chrome. I can bypass the popup and try anyway, but my USB token isn't recognized and I'm stuck at that point.

[eric-zeng]

Ah, I see. The U2F pop-up is still running in Electron (which is running Chromium). But I think the issue is that Electron doesn't support Google's gnubby extension, which enables U2F keys. Brave got around this by forking Electron (see brave/browser-laptop#518) and enabling extension support.

I'll look into switching to muon at some point, but for now I'd just recommend using the web version with Chrome.

[sboulkour]

Alright ! Thks for your answers, and for your work on Confidante. I like the app very much so far :)