- Edited
Hey!
I haven't used my yubikey on my GrapheneOS phone in a few weeks, but after the recent updates it seems to me like Okta no longer wants to log me into my work account, on my work profile. When in the yubikey stage, it doesn't even prompt me to plug the yubikey in.
The issue is weird, because when I do try to re-enroll my yubikey, I'm actually seeing the prompt to plug the yubikey, and it tells me my yubikey is already enrolled.
I checked with someone else, and the same flow seems to work fine on regular androids.
Here is what I'm seeing in my Chrome logs (as ISTU Vanadium can have compatibility problems with yubikeys, I'm just using Chrome on my work profile):
I ImeTracker: com.android.chrome:[...]:onCancelled at PHASE_CLIENT_ALREADY_HIDDEN
[3 seconds later]
E cr_Fido2Request: FIDO2 call to enumerate credentials failed. Dispatching to CredMan. Barrier.Mode = ONLY_CRED_MAN
[... a long stack trace I'm skipping because I'm retyping everything from my phone]
E cr_CredManHelper: CredMan getCredential call failed: android.credentials.GetCredentialException.TYPE_NO_CREDENTIAL (No credentials available on this device.)
[1 second later]
E AtomicFile: Failed to sync file output stream
[2 seconds later]
E cr_Fido2Request: FIDO2 call to enumerate credentials failed. Dispatching to CredMan. Barrier.Mode = ONLY_CRED_MAN
[etc, 3 times in total]Does that ring a bell to anyone?