Passkey Beta issues
Hello,
Edit: Apologies in advance if this feels rant-y, please order the replies by oldest so that it makes sense!
I just signed up for a test account to be able to use new login with Passkey beta. Super smooth setup, and I was surprised at how quickly I got signed into the new account on my laptop and have all my data in the new account! I have SSH keys in my vault for my NAS, GIT server and commit signing. They imported fine into the new account, and I signed out of my old account.
Using a second passkey I saved to a yubikey, I was able to check out a repo, sign a commit and push changes back to the repo. I was also able to sign into a terminal on my NAS without any issue.
On that same laptop I have a virtual machine for development work. I use MSTSC to remote into this machine, and I have WebAuthn devices forwarded to it. I'm using a Windows Hello and a Microsoft account to sign into the RDP session.
I was also able to easily sign into my 1Password account, lock and unlock my account using the Yubikey connected to the host. When I tried to check out the repo using SSH I ran into an issue.
It asked me to authenticate with my passkey for my git client to use my SSH key. Windows asked which device I wanted to use, I picked my Yubikey, entered the PIN and touched the key as normal. It did not succeed, I got a message saying "Unable to sign in, please try again later or contact support".
Looking at the logs I see:
INFO 2025-07-08T01:09:45.308+00:00 runtime-worker(ThreadId(18)) [1P:op-webauthn-authentication\src\models\sign_in_request_interpreter.rs:75] Found existing device key from disk or backup
INFO 2025-07-08T01:09:45.308+00:00 runtime-worker(ThreadId(18)) [1P:op-webauthn-authentication\src\handlers\sign_in.rs:173] webauthn sign in -- Querying auth methods in an attempt to locate a passkey public key credential and challenge
INFO 2025-07-08T01:09:45.475+00:00 runtime-worker(ThreadId(15)) [1P:op-webauthn-authentication\src\handlers\sign_in.rs:206] webauthn sign in -- Attempting to sign a challenge to authenticate a passkey
INFO 2025-07-08T01:09:52.813+00:00 runtime-worker(ThreadId(15)) [1P:op-webauthn-authentication\src\handlers\sign_in.rs:216] webauthn sign in -- Authenticator assertion succeeded. Now verifying the authenticator's response with B5.
INFO 2025-07-08T01:09:52.867+00:00 runtime-worker(ThreadId(15)) [1P:op-webauthn-authentication\src\handlers\sign_in.rs:248] webauthn sign in -- Assertion has been verified. Responding with an appropriate view model.
INFO 2025-07-08T01:09:52.868+00:00 runtime-worker(ThreadId(15)) [1P:op-webauthn-authentication\src\models\authentication_coordinator.rs:186] Attempting unlock
ERROR 2025-07-08T01:09:52.868+00:00 runtime-worker(ThreadId(15)) [1P:app\op-app\src\app\backend\webauthn_authentication.rs:201] General(WebAuthn unlock failed: AccountAlreadyUnlocked)
ERROR 2025-07-08T01:09:52.869+00:00 runtime-worker(ThreadId(15)) [1P:op-webauthn-authentication\src\handlers\sign_in.rs:56] webauthn sign in -- General(WebAuthn unlock failed: AccountAlreadyUnlocked)
INFO 2025-07-08T01:10:00.322+00:00 runtime-worker(ThreadId(18)) [1P:ssh\op-ssh-agent\src\lib.rs:639] Session was not authorizedIt might be worth noting that when signed into a RDP session like this, Windows Hello on the VM is not available. It's part of the reason I signed up for the beta, Passkey was easier than entering my 44 character master password every time I wanted to make a commit lol
