Passkeys no longer work when using Login v2
Hi all, I'm using the Zitadel Helm chart and whenever I use /ui/v2/login, I can't login using passkeys. V1's login still works, and login v2 is on the same domain so I'm not sure why the passkeys are breaking. Anyone run into anything similar? Thanks
3 Replies
Hi @noreen attahb, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer, here are some relevant sources:
1. Login users into your application with a hosted login UI (1) : Covers Login v2 limitations including that Passkey/U2F setup is bound to a domain, and setting up authentication in the ZITADEL management console will not work if the login runs on a different domain.
2. Using Passkey - Webauthn begin login failed WEBAU-4G8sw (2) : Community discussion about WebAuthn domain matching issues where passkeys only work when the domain matches exactly.
To learn more, see the sources I considered:
[1] Login users into your application with a hosted login UI
[2] Using Passkey - Webauthn begin login failed WEBAU-4G8sw
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
For further troubleshooting, the console has "EventTypes.session.webAuthN.challenged" but doesn't have the checked event. Using the passkey just appears to reload the page and not go anywhere
Ohhh, I think I saw that https://github.com/zitadel/zitadel/issues/10818 was closed and assumed it was included in the latest Helm update, but I just double checked and the app version on Helm lags behind a few versions.
GitHub
Passkey/WebAuthn login ends in endless loop · Issue #10818 · ...
Environment Zitadel (server): ghcr.io/zitadel/zitadel:latest (also tested with 4.2.2) Login UI: ghcr.io/zitadel/zitadel-login:latest (also tested with 4.2.2) DB: Postgres 17-alpine Reverse proxy: T...