hyatt.com can not register passkeys using 1Password browser extension
This came out of https://www.reddit.com/r/1Password/comments/1dwt28u/hyatt1password_passkey_creation_disconnect/ fyi and here's a version of my comment on that post:
The hyatt.com website used to work fine with the 1Password browser extension and passkeys. I was able to register a key, and could use it up through today. However, something has changed and now trying to register a key fails 100% of the time with "We were unable to create a passkey. Please try again."
I spent a bit of time testing, and the problem is specifically between the Hyatt site and the 1Password extension. I tried with 2.25.1 stable and 2.26.0 beta, mostly using Chrome 126.0.6478.127 and also Safari 17.5 on Mac OS 14.5. I also tried Windows 11 w/ similar set up and the same results.
The Hyatt site does some silly things with passkey requests (below), but if I hit the USB icon on the 1PW passkey prompt, I can register and login with every other passkey authenticator I tried (eg Chrome, Google Password Manager, iCloud Keychain, Yubikey, etc). The 1PW extension works on other websites I tried, but not Hyatt.
Interestingly, the Hyatt website has 2 options for creating passkeys. "Create Passkey" which shows device-only authenticators, and "Use a different device to create a passkey" which shows non-device-only authenticators. This is setting authenticatorAttachment:"platform" vs "cross-platform" in the creation request. I have no idea why they do this, versus not specifying the option which lets the user choose any authenticator that's available which is what most sites do. 🤷♂️ Just to be clear, in testing with webauthn.io the 1PW extension works fine for any setting.
1Password Version: 8.10.34
Extension Version: 2.25.1
OS Version: macOS 14.5 and Windows 11
Browser: Chrome and Safari
