Axton

Thank you for your report! This should be fixed when this plugin updates next time. This warning comes from webauthn-framework and should be fixed in the latest version.

Hi levismodding,

I understand your concern. I’m working on the plugin right now ?? so please rest assured it is not dead.

Here’s the situation. Due to my personal circumstances I did pause the development for a while, and since this plugin is based on https://github.com/web-auth/webauthn-framework which had just released version 5.0, I’m currently working on make the plugin compatible with this new version (and also new webauthn standard). I’ll publish updates once all these work done.

as for the “compatibility” tag, I’ll update it once I get current version tested on the latest WordPress.

Hi cy,

There are several reasons why the button is grayed out: Some required extensions are missing in your PHP installation; or your site is not running on HTTPS. Please check the plugin settings page for details.

Hi serpentes,

Sorry it takes some time to reply but unfortunatly I cannot reproduce this error on my end. I have tested wp-webauthn on a freshly installed wordpress instance and everything works. I’ve also tested some plugins that I identified from your error log (e.g. “Content Views”) but no error is found.

It is possible that this error is caused by another plugin, could you pls try deactivating other plugins and try again? If we can locate the incompatible plugin we may be able to fix it

Hi kitchin,

Yes, you are right. I’ll update README asap. I’d like to mention that this is not actually “disable” the Two Factor plugin, just “bypass” the 2FA when users trying to login through WebAuthn. When users trying to login by username and password, the Two Factor plugin will still work and ask for 2FA. This is because Two Factor is not compatible with wp-webauthn. Since WebAuthn offers same level of security naturally, it’s better to bypass 2FA when logging in through WebAuthn

See https://github.com/yrccondor/wp-webauthn/issues/6

Hope this helps.

Hi kitchin,

1. Yes, and this plugin is not offering a new login page so users have to use wp-login.php. This plugin adds some buttons and text fields to wp-login.php so users can login using WebAuthn. Everything else is just like before.
2. This shortcode is to embed a login form that supports WebAuthn login in your pages.

Hope this helps.

Hi pheck,

WP-WebAuthn requires Sodium to work. This is a built-in core extension since PHP 7.2.0.

Glad to know your problem is solved! I’ll now mark this thread as resolved.

Hi jeromerdlv,

Thank you for clarifying your concerns. For “better control”, I mean sub sites should have options to opt in or out the auth set up for the whole network. However sometimes this is conflict with the “website domain” option since authenticators only work under the domain they registered. We’ll try our best to carefully design and implement all these features so that the options work intuitively.

Sorry for the late reply. Hope this helps.

Hi jeromerdlv,

Unfortunately WP-WebAuthn has no proper multi-site support yet. We are currently working on it but it may take some time. Simply switching to get_site_option does meet general needs, but we think it’s better to have more granular control over site permissions.

Hi johnmontfx,

Thank you for reporting, I can now confrim this is a bug. Will fix asap.

• This reply was modified 1 year, 1 month ago by Axton.

There’s must something disturbing the output. Can you check server responses directly using the browser dev tool?

Hi olli23,

The logs look fine. Have you enabled PHP warning output? For back-end, WP-WebAuthn sends messages in certain format to front-end. The front-end will show errors if messages sent by back-end cannot be parsed. If your PHP is producing warnings and warning output is enabled, it will happen.

Hi peter lipp,

Could you pls tell me what browser are you using? The plug-in simplely detects if the API required exist in your browser. If the browser supports webauthn the tests should pass.

Hi Andreas,

Glad to hear the news! Yes, the plug-in is still under maintenance and an update is scheduled in just few days. Just stay tuned ??

Hi mike2972,

For now it is impossible to enable WebAuthn only for admins. This could be a new feature in future updates. Stay tuned ??

Really sorry for the late reply.