Safari 13 now supports FIDO2 USB keys but GitLab asks for code from authenticator

Hi, since Safari 13 there’s native support for FIDO2 USB keys for 2FA (https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes), but when I try to log in with Safari 13, GitLab asks me for my auth code from Google Authenticator. It should be my USB key, as that’s what happens on Chrome.

It’s being worked on. GitLab currently only supports U2F, a precursor to FIDO2. Safari only supports WebAuthn, which is part of FIDO2, but not U2F. You can follow the GitLab implementation of support for WebAuthn through the following issue and merge request:

Issue: Switch to Web Authentication (Webauthn) for 2FA for U2F and FIDO2 tokens
MR: Resolve “Switch to Web Authentication (Webauthn) for 2FA for U2F and FIDO2 tokens”
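
The mismatch described in the answer above, as an added example that is not GitLab's code and not part of any post: a U2F-only capability check sends a WebAuthn-only browser to the authenticator-app code, while a WebAuthn-first check does not. The function names, the `env` parameter (a stand-in for `window`) and the `fakeBrowser` profiles are assumptions made for the illustration.

```javascript
// Added example. `env` stands in for the browser's `window` object.

// Models a login page that only knows the legacy FIDO U2F JavaScript API
// (u2f.register / u2f.sign): no U2F object means falling back to TOTP.
function pickSecondFactorU2fOnly(env) {
  return env.u2f && typeof env.u2f.sign === "function" ? "u2f" : "totp";
}

// Models a page that checks for WebAuthn first and keeps U2F as a fallback.
async function pickSecondFactor(env) {
  const pkc = env.PublicKeyCredential;
  const creds = env.navigator && env.navigator.credentials;
  const hasWebAuthn = typeof pkc === "function" &&
    !!creds && typeof creds.get === "function";

  // Platform authenticators (e.g. a built-in fingerprint reader) are only
  // reachable through WebAuthn; the check is asynchronous and may reject.
  let platformAuthenticator = false;
  if (hasWebAuthn &&
      typeof pkc.isUserVerifyingPlatformAuthenticatorAvailable === "function") {
    try {
      platformAuthenticator =
        (await pkc.isUserVerifyingPlatformAuthenticatorAvailable()) === true;
    } catch (_err) {
      platformAuthenticator = false; // treat a failed probe as "not available"
    }
  }

  const method = hasWebAuthn ? "webauthn"
    : pickSecondFactorU2fOnly(env) === "u2f" ? "u2f" : "totp";
  return { method, platformAuthenticator };
}

// Constructed stand-in for a browser profile (not captured from a real browser).
function fakeBrowser({ webauthn = false, u2f = false, platform = false }) {
  const env = { navigator: {} };
  if (webauthn) {
    env.PublicKeyCredential = function PublicKeyCredential() {};
    env.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable =
      async () => platform;
    env.navigator.credentials = { create: async () => null, get: async () => null };
  }
  if (u2f) env.u2f = { register() {}, sign() {} };
  return env;
}
```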

Has there been any progress on FIDO2 / WebAuthn availability as of 13.10? The admin interface still incorrectly says “Your browser doesn’t support U2F”.

Looking at epic &4061, it looks like code and documentation are being merged in. Is it possible to turn this on under a feature flag?

The ability to use WebAuthn is available under a feature flag. How to turn it on is documented on the 2FA help page, but well down the page (and easy to miss).

I can confirm it works with both a YubiKey and the Mac OS fingerprint reader on Safari 14.1.
