Skip to main content
July 7, 2025
Solved

Webauthn Integration Not Working URL mismatch?

  • July 7, 2025
  • 6 replies
  • 359 views

I have built a webauthn integration that works perfectly with native android, google password manager, and bitwarden password manager. However, when I try to use 1Password to save the passkeys I get an error message:

"Unable to save passkey. For security reasons, 1Password did not save this passkey. The associated URL for this passkey does not match the selected app."

I can't find anywhere in the docs how to address this issue. I assume that it is related to the RP ID. I have tried the FQDN as well as the "android:apk-key-hash:" that android returns after a successful verification.

Has anyone run into this before? Is there documentation on how I should be configuring my Attestation payload to be compatible with 1Password?

Best answer by

Hi @drductus ,

Ok! It sounds like the team has gotten to the bottom of this. 

Likely your issue is that you TLS certificate is missing OCSP information, which is likely because if your CA is Let's Encrypt, they are currently deprecating OCSP support.

You can learn more about it here : https://letsencrypt.org/2024/12/05/ending-ocsp/ 

Are you using a Let's Encrypt CA?

Thanks,

Phil

6 replies

July 8, 2025

Hi @drductus ,

I have not heard of this error before, but am taking a look into it here at 1Password.  I hope to have some info later today or tomorrow.

Thanks for reaching out!

Phil

drductusAuthor
July 15, 2025

@1P_Phil have you been able to find anything? My investigations are still hitting dead ends about what is going on. I'm nearly at the point of pulling out wireshark to try to validate all the traffic.

drductusAuthor
July 10, 2025

Hey Phil,

Are you attempting to do any sort of validation against any of the files inside /.well-known/ on the domain associated with the RP ID?

Does 1Password require an existing login to be present before it can save the passkey? We log in using an SMS flow, so there wouldn't be an existing login.

I'm just not sure why these attestation options will work for other password managers but not 1Password.

 

Answer
July 18, 2025

Hi @drductus ,

Ok! It sounds like the team has gotten to the bottom of this. 

Likely your issue is that you TLS certificate is missing OCSP information, which is likely because if your CA is Let's Encrypt, they are currently deprecating OCSP support.

You can learn more about it here : https://letsencrypt.org/2024/12/05/ending-ocsp/ 

Are you using a Let's Encrypt CA?

Thanks,

Phil

drductusAuthor
July 24, 2025

Hey @1P_Phil! We are using Let's Encrypt as our CA, so it looks like our certificate would no longer have OCSP information but will have CRLs. Is there any point that 1Password will update to handle CRLs if the OCSP URLs are not present? Will our integration just continue to fail if we continue using Let's Encrypt? Is there a workaround?

July 30, 2025

we are having the same issue in our application. any plans to support CRLs?

July 30, 2025

Hi @danilo_exactly & @drductus ,

I received confirmation that this is forthcoming. I will reply back regarding timing once I get it.

Cheers,
Phil!