Skip to content

Cannot log in with passkey that has user verification enabled #36019

New issue
New issue
Open
Open
Cannot log in with passkey that has user verification enabled#36019
Labels
type/bug
@sdellenb

Description

@sdellenb
sdellenb
opened on Nov 24, 2025

Description

Passkeys with always_uv enabled can be enrolled, but not used for login.

Workaround

Disable always_uv on the passkey and login works both for username-password+2FA and passkey-only.

Related

#35362 (different scenario)

More Details

The webauthn config uses "userVerification": "discouraged" while a passkey with always_uv mandates PIN entry (in my case it's a Token2 Dual with firmware Release 3.3).

Gitea Version

1.25.2

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

After completing the passkey-only login workflow, instead of the resident key selection window, this error message is shown:

Image

When using the username-password login flow, the same error message is shown for the 2FA:

Image

Git Version

Not sure which git version is in the docker container.

Operating System

Rocky Linux 9 / Docker CE 29.0.2

How are you running Gitea?

Docker image docker.gitea.com/gitea:latest-rootless in a compose stack.

Database

MySQL/MariaDB

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions