
Titan security key login not working #17365

Open
dstansby opened this issue Jan 7, 2025 · 10 comments
Labels
bug 🐛 requires triaging maintainers need to do initial inspection of issue

Comments

@dstansby

dstansby commented Jan 7, 2025

I'm trying to log in to PyPI using a Titan security key (model K40T), but it's not working. Steps I'm taking:

  1. Log in at https://pypi.org/account/login/ with my username/password
  2. On https://pypi.org/account/two-factor/, click the "Authenticate with device" button
  3. Select "Security key"

Image

  1. This then shows this dialog:

Image

  1. Insert my security key, and press the button on it

At this point I would expect to be signed in, but instead I end up stuck on the last dialog box above.

I can successfully use the same security key on the same computer/browser combo, with both Google and GitHub. I get the same dialog boxes as above, but when I touch my security key the last one disappears as expected.

OS: macOS 15.2
Browser: Firefox 133.0.3 (also tested, and not working, on safari 18.2)

@dstansby dstansby added bug 🐛 requires triaging maintainers need to do initial inspection of issue labels Jan 7, 2025
@di
Member

di commented Jan 7, 2025

Hi, sorry you're having trouble. I see you have two Titan keys registered, do they both not work? Do you see any errors in the JavaScript console in either browser? Also would it be possible to try in Chrome?

@dstansby
Author

dstansby commented Jan 7, 2025

do they both not work?

Yes, neither of them works.

Do you see any errors in the JavaScript console in either browser?

In Firefox I see:

None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “<long string that looks like a hash>”.

Also would it be possible to try in Chrome?

Aha, I tried in Chrome and it worked fine!

@di
Member

di commented Jan 7, 2025

Thanks, that's helpful. We occasionally see issues with browsers' support of various security keys (e.g. #14520), this might be similar.

Can you share the computed hash? Also does the error contain a filename? Looks like subresource integrity is failing in your browser for some reason, although this may be unrelated.

@dstansby
Author

dstansby commented Jan 7, 2025

None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==”.

It doesn't reference a particular line number, just the HTML source of https://pypi.org/account/two-factor
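The computed hash quoted above is exactly what a browser reports when the fetched body contains zero bytes, which fits a request that was blocked before any content arrived. The following Python is an added example (not from this issue or from the PyPI code base) that reproduces the browser's subresource-integrity check and tests a reported digest against the empty body; the helper names are this example's own:

```python
import base64
import hashlib

# Hash quoted from the Firefox console message in this thread
REPORTED_HASH = "z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg=="

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(body: bytes, algorithm: str = "sha512") -> str:
    """Return the SRI token '<alg>-<base64 digest>' a browser computes for body."""
    if algorithm not in STRENGTH:
        raise ValueError("SRI allows only sha256, sha384 or sha512")
    digest = hashlib.new(algorithm, body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(integrity_attr: str) -> list[tuple[str, str]]:
    """Split an integrity attribute into (algorithm, base64) pairs.

    Unknown algorithms and any '?options' suffix are ignored, as browsers do.
    """
    tokens = []
    for token in integrity_attr.split():
        alg, sep, rest = token.partition("-")
        if sep and alg in STRENGTH:
            tokens.append((alg, rest.split("?", 1)[0]))
    return tokens


def integrity_matches(body: bytes, integrity_attr: str) -> bool:
    """Browser rule: only tokens using the strongest listed algorithm count,
    and the body passes if it matches any one of them."""
    tokens = parse_integrity(integrity_attr)
    if not tokens:
        return True  # no usable metadata: the resource is allowed to load
    strongest = max(STRENGTH[alg] for alg, _ in tokens)
    candidates = {b64 for alg, b64 in tokens if STRENGTH[alg] == strongest}
    alg_name = next(alg for alg, _ in tokens if STRENGTH[alg] == strongest)
    return sri_digest(body, alg_name).split("-", 1)[1] in candidates


def is_empty_body_hash(token: str) -> bool:
    """True when the reported digest is the digest of zero bytes, i.e. the
    fetch returned no content (for example because it was blocked)."""
    alg, _, b64 = token.partition("-")
    return alg in STRENGTH and sri_digest(b"", alg) == f"{alg}-{b64}"
```

Running `is_empty_body_hash("sha512-" + REPORTED_HASH)` returns True, so the integrity failure points at a blocked fetch rather than a tampered script.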

@di
Member

di commented Jan 7, 2025

I think the only thing we have subresource integrity enabled for is https://media.ethicalads.io/media/client/v1.4.0/ethicalads.min.js, what do you get when you load that page?

@dstansby
Author

dstansby commented Jan 7, 2025

Another error (which I thought was unrelated earlier) I got was:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://media.ethicalads.io/media/client/v1.4.0/ethicalads.min.js. (Reason: CORS request did not succeed). Status code: (null).

And I get that on https://pypi.org/ too, not just the login page, so perhaps the hash error message is a red herring here?

@di
Member

di commented Jan 7, 2025

It's possible it's unrelated, although it still shouldn't be happening. That resource should be permitted per our CORS policy:

$ curl -sI https://pypi.org/ | grep -i "Content-Security-Policy:" | sed -E 's/.*script-src\s*([^;]*).*/\1/'
 'self' https://*.googletagmanager.com https://www.google-analytics.com https://ssl.google-analytics.com *.fastly-insights.com *.ethicalads.io 'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ 'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' 'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='

Is it possible you have a browser extension or plugin that might be blocking this?

Related to the security key: if you try to test your key with https://demo.yubico.com/webauthn-technical/ or https://www.token2.com/tools/fido2-demo in Firefox, do they give you any errors?
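As an added example (not from this issue or from PyPI's code base), a Python checker that applies the Content-Security-Policy script-src value printed above to a candidate script URL, using simplified CSP3 host-source matching; ports are ignored and the page origin is taken to be https://pypi.org, both assumptions of this example:

```python
from urllib.parse import urlsplit

# script-src value as printed by the curl command in this thread
SCRIPT_SRC = (
    "'self' https://*.googletagmanager.com https://www.google-analytics.com "
    "https://ssl.google-analytics.com *.fastly-insights.com *.ethicalads.io "
    "'sha256-U3hKDidudIaxBDEzwGJApJgPEf2mWk6cfMWghrAa6i0=' "
    "https://cdn.jsdelivr.net/npm/mathjax@3.2.2/ "
    "'sha256-1CldwzdEg2k1wTmf7s5RWVd7NMXI/7nxxjJM2C4DqII=' "
    "'sha256-0POaN8stWYQxhzjKS+/eOfbbJ/u4YHO5ZagJvLpMypo='"
)
PAGE_ORIGIN = "https://pypi.org"  # assumed page origin for 'self'


def host_source_allows(source: str, url: str, page_origin: str = PAGE_ORIGIN) -> bool:
    """Match one CSP source expression against url (simplified CSP3 host-source
    rules; ports are ignored, which is an assumption of this example)."""
    u, page = urlsplit(url), urlsplit(page_origin)
    if source == "'self'":
        return (u.scheme, u.hostname) == (page.scheme, page.hostname)
    if source.startswith("'"):  # hashes, nonces and keywords never match a URL
        return False
    scheme, sep, rest = source.partition("://")
    if not sep:  # no scheme given: the page's scheme, or https, is implied
        scheme, rest = None, source
    host, _, path = rest.partition("/")
    host = host.split(":", 1)[0].lower()
    if scheme:
        if u.scheme != scheme and not (scheme == "http" and u.scheme == "https"):
            return False
    elif u.scheme not in (page.scheme, "https"):
        return False
    hostname = (u.hostname or "").lower()
    if host.startswith("*."):
        if not hostname.endswith(host[1:]):
            return False
    elif hostname != host:
        return False
    if path:  # trailing slash means prefix match, otherwise exact path match
        path = "/" + path
        return u.path.startswith(path) if path.endswith("/") else u.path == path
    return True


def script_allowed(url: str, script_src: str = SCRIPT_SRC) -> bool:
    """True if any source in the script-src directive permits url."""
    return any(host_source_allows(s, url) for s in script_src.split())
```

The ethicalads.io client URL from the console error is permitted by `*.ethicalads.io`, so a CORS failure on it has to come from something between the browser and the server, such as a content blocker, rather than from this policy.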

@dstansby
Author

dstansby commented Jan 7, 2025

Is it possible you have a browser extension or plugin that might be blocking this?

Yes, uBlock was blocking it. If I turn that off the console error goes away, but I have the same issue with the Titan key. I also have exactly the same issue in Safari with default settings and no plugins (which could well have some built in tracking protection enabled by default?)

Related to the security key: if you try to test your key with demo.yubico.com/webauthn-technical or token2.com/tools/fido2-demo in Firefox, do they give you any errors?

I can register, but not authenticate on https://demo.yubico.com/webauthn-technical - I get stuck on the same dialog as with PyPI. And can't register with https://www.token2.com/tools/fido2-demo either.

@di
Member

di commented Jan 7, 2025

Seems very likely that this is a browser-specific issue with these keys but I'm not seeing anything obvious and without more details or error messages this is hard to diagnose. If you happen to have a non-Titan key I'd be interested to know if it works.

I can likely put you in touch with someone from the Titan team if you'd be able to help them debug!

@dstansby
Author

dstansby commented Jan 7, 2025

Afraid I only have Titan keys (unless PyPI wants to give away another brand for free 😉). Would be happy to debug with someone from the Titan team if they'd be interested. For now my immediate issue is solved (by using Chrome), so thanks for the help!
