Passkey verification failed on desktop

@james @joseph i found a potential issue. this only happen to Windows OS where microsoft ID is not connected and System only works with local account

@james please check my DM

@james do you want me to share a screen recording ? Or share any logs i have 4 cloudron instances and i faced the same. I use Dashlane for credential management all my passkeys stored in that

@james said:

Hello @dualoswinwiz
What Cloudron version are you currently using where this issue is present?

9.1.5

Subject: Passkey verification failed on desktop, login failure, and 2FA "Confirm" button disabled

@girish Hi, I updated to the latest version, but I'm unfortunately still running into issues with the Passkey feature. Here are the full details of what I'm experiencing across my devices, along with the relevant logs.

1. Initial Setup & Mobile Success:
   I successfully set up a passkey using the Dashlane app on iOS. The initial login worked perfectly, and the passkey login continues to work fine whenever I use that specific phone.

2. Desktop Login Issue & Fallback Failure:
   The next day, I tried to log in via the web on my Windows desktop PC using the passkey, but the login failed. I then tried to fall back to a standard password login. However, when I reached the 2FA screen, the "Confirm" button was greyed out/disabled, leaving me locked out on my PC.

3. Desktop Passkey Setup Error:
   Thinking I needed to reconfigure it, I tried to set up the passkey again directly from my Windows desktop using the Dashlane extension. When I do this, it throws an error stating: "passkey verification failed".

Troubleshooting I tried:

Tested across multiple desktop browsers (Firefox, Chrome, and Edge) — both the 2FA button issue and the setup error happen on all of them.

Double-checked my desktop's time and date settings to ensure everything was properly synced for 2FA.

My Workaround:
I ended up logging into Cloudron via my phone (where the passkey still functioned perfectly) and removed the passkey from my account entirely. Once the passkey was deleted, I was able to successfully log in on my desktop using my normal password + 2FA.

Logs:
I pulled the logs from when I attempted the setup on the desktop, and it looks like it's failing on the user verification step:

Plaintext
Mar 27 14:16:17 passkeys: getRegistrationOptions: generated for user uid-xxxxxxx-xxxx-46a5-80e5-d95d5451d588
Mar 27 14:16:19 passkeys: verifyRegistration: verification failed for user uid-xxxxxxx-xxxx-46a5-80e5-d95d5451d588: Error: User verification was required, but user could not be verified
Mar 27 14:16:19 at verifyRegistrationResponse (file:///home/yellowtent/box/node_modules/@simplewebauthn/server/esm/registration/verifyRegistrationResponse.js:119:15)
Mar 27 14:16:23 apphealthmonitor: app health: 10 running / 1 stopped / 1 unresponsive
Let me know if there's anything else I can test or provide to help track this down!

Please check my DM

@jypelle I am planning for Sovereign / Business license due to AES Secret encryption for credentials before purchasing can i apply that on a cloudron application instance?

When a user is disabled on the Cloudron user page, the disable icon does not appear. However, for any user who was disabled prior to version 9.x, the icon appeared as normal.

Cloudron version
9.0.17
Ubuntu version
Ubuntu 24.04.2 LTS Linux 6.8.0-101-generic

@timconsidine i would like to thank you for your efforts and contributions. Please try to do windmill https://github.com/windmill-labs/windmill
And Dify

https://github.com/AshleyDelph84/dify-self-host

I spend 2 weekends and still not successful

@marcusquinn thank you i will

@marcusquinn but the necessary requirement is to need 2 more bots one bot to audit bookeeper so its kind of more complex and then the 3rd bot as the decision maker so decision should always be 2 to 1. Otherwise it could be a mess. Still thinking

I was thinking few roles for clawdbot / openclaw / agentzero as a bookeeper who with giving access to irs taxcode and postgress database ask him to be my accountant. Still thinking about it but i have to free few weekends for this. Any thoughts / suggestions?

@james said in What's coming in 9.1:

Hello @DualOSWinWiz
Yes you can also run custom apps that are just databases.

So this meant their will be a port mapping facility as well great i dont know if its already their. I am anxious to see how backups and restore will handle the active connection to database.

@girish hey does this include databases containers like Postgress, MySQl, Mongodb, sql server etc? or databases still works as an addon? We need standalone database containers.

i am interested in Extended license but client's requirement is recording should be enabled across the board. is this something you can do in near future? we can talk in Direct Message as well

@girish Cloudron needs this please put it in priority apps i am using it and its way better then n8n where ai related automations are not the priority

@MiroTalk its a intresting solution i use twilio for some telehealth apps my client's biggest requirement is recording meant auto record no end user side option to start or stop recording and push to secure object storage is this something is possible if yes then we might have an opertunity to extend beyond twilio. Regards

I think tacticalrmm https://github.com/amidaware/tacticalrmm is a better qll in one solution it has messh and patch management as well i deployed it separately as it has 3 different apps. Api.xxx.xx , mesh.xxx.xx and rmm.xxx.xx and superadmin has to setup QR code while installation

Recently i gave up on Chat gpt pro subscription as the model seems like a chatty person and real work is sub par it tries to do everything immediately even though you ask to first understand requirements and blah blah blah jo matter how good the prompt is it looses easily i used abusive but nothing worked same thing with google gemini ultra. I found a better approach where i hosted typingmind on clodron surfer app and using anthropic and gemini and openai api keys.

So far the results are anthropic is still better when it comes to development and context but its expensive but if i see the time saved by going back and forth with subscription models this thing still works better. I moved on already. Now my new project is to make ide directly connect with my blackwell 6000 i created a heavy workstation whcih is quite heavy and will surely try to use that in future

@girish This makes a lot of sense for HashiCorp Vault, since it acts as a central trust component and supplies credentials to applications hosted separately. It also fits reasonably well for Uptime Kuma, where servers send heartbeat signals, though that’s a lighter use case. Another strong case is when Cloudron itself is used as the OIDC provider for other applications.