Registering OK, not authenticating

  • owenbarder

    (@owenbarder)


    1 week, 5 days ago

    Hi
    I seem to be able to register an authenticator, but subsequent login fails.

    [2026-05-17 14:50:10][e9a0d8] ajax_create: Start
    [2026-05-17 14:50:10][e9a0d8] ajax_create: name => "surf", type => "none", usernameless => "false"
    [2026-05-17 14:50:10][e9a0d8] ajax_create: user => "xxx"
    [2026-05-17 14:50:10][e9a0d8] ajax_create: excludeCredentials => []
    [2026-05-17 14:50:10][e9a0d8] ajax_create: user_verification => "false"
    [2026-05-17 14:50:10][e9a0d8] ajax_create: Challenge sent
    [2026-05-17 14:50:16][021f6f] ajax_create_response: Client response received
    [2026-05-17 14:50:16][021f6f] ajax_create_response: name => "surf", type => "none", usernameless => "false"
    [2026-05-17 14:50:16][021f6f] ajax_create_response: data => {xxx}
    [2026-05-17 14:50:16][021f6f] ajax_create_response: Credential ID unique check passed
    [2026-05-17 14:50:16][021f6f] ajax_create_response: Challenge verified
    [2026-05-17 14:50:16][021f6f] ajax_create_response: Authenticator added
    [2026-05-17 14:52:22][4e0958] ajax_create: Start
    [2026-05-17 14:52:22][4e0958] ajax_create: name => "surf", type => "none", usernameless => "false"
    [2026-05-17 14:52:22][4e0958] ajax_create: user => "xxx"
    [2026-05-17 14:52:22][4e0958] ajax_create: excludeCredentials => []
    [2026-05-17 14:52:22][4e0958] ajax_create: user_verification => "false"
    [2026-05-17 14:52:22][4e0958] ajax_create: Challenge sent
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: Client response received
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: name => "surf", type => "none", usernameless => "false"
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: data => {}
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: Credential ID unique check passed
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: Challenge verified
    [2026-05-17 14:52:37][0cd2d7] ajax_create_response: Authenticator added
    [2026-05-17 14:53:21][e283a0] ajax_auth: Start (conditional)
    [2026-05-17 14:53:21][e283a0] ajax_auth: Empty username, try usernameless authentication
    [2026-05-17 14:53:21][e283a0] ajax_auth: Usernameless authentication, allowedCredentials => []
    [2026-05-17 14:53:21][e283a0] ajax_auth: user_verification => "false"
    [2026-05-17 14:53:21][e283a0] ajax_auth: Usernameless authentication, user_verification => "true"
    [2026-05-17 14:53:21][e283a0] ajax_auth: Challenge sent
    [2026-05-17 14:53:27][09b466] ajax_auth: Start
    [2026-05-17 14:53:27][09b466] ajax_auth: email_login => "true", trying to find user by email address "xxx@xxx"
    [2026-05-17 14:53:27][09b466] ajax_auth: type => "auth", user => "owenbarder"
    [2026-05-17 14:53:27][09b466] ajax_auth: allowedCredentials => []
    [2026-05-17 14:53:27][09b466] ajax_auth: user_verification => "false"
    [2026-05-17 14:53:27][09b466] ajax_auth: Challenge sent
    [2026-05-17 14:53:31][2a1b6f] ajax_auth_response: Client response received
    [2026-05-17 14:53:31][2a1b6f] ajax_auth_response: type => "auth", user => "xxx"
    [2026-05-17 14:53:31][2a1b6f] ajax_auth_response: data => {}
    [2026-05-17 14:53:31][2a1b6f] ajax_auth_response: (ERROR)The credential ID is invalid.
    [2026-05-17 14:53:31][2a1b6f] Traceback:
                                  1) /home/tst/public_html/wp-admin/admin-ajax.php(207): do_action('wp_ajax_nopriv_...')
                                  2) /home/tst/public_html/wp-includes/plugin.php(522): WP_Hook->do_action(Array)
                                  3) /home/tst/public_html/wp-includes/class-wp-hook.php(365): WP_Hook->apply_filters('', Array)
                                  4) /home/tst/public_html/wp-includes/class-wp-hook.php(341): wwa_ajax_auth('')
                                  5) /home/tst/public_html/wp-content/plugins/wp-webauthn/wwa-ajax.php(1162): Webauthn\Server->loadAndCheckAssertionResponse('{"id":"4dUFcKBE...', Object(Webauthn\PublicKeyCredentialRequestOptions), Object(Webauthn\PublicKeyCredentialUserEntity), Object(Nyholm\Psr7\ServerRequest))
                                  6) /home/tst/public_html/wp-content/plugins/wp-webauthn/wp-webauthn-vendor/web-auth/webauthn-lib/src/Server.php(295): Webauthn\AuthenticatorAssertionResponseValidator->check('\xE1\xD5\x05p\xA0D_z~A\x04\xB3S1\x84...', Object(Webauthn\AuthenticatorAssertionResponse), Object(Webauthn\PublicKeyCredentialRequestOptions), Object(Nyholm\Psr7\ServerRequest), '276f928833c33f6...', Array)
                                  7) /home/tst/public_html/wp-content/plugins/wp-webauthn/wp-webauthn-vendor/web-auth/webauthn-lib/src/AuthenticatorAssertionResponseValidator.php(113): Assert\Assertion::notNull(NULL, 'The credential ...')
    [2026-05-17 14:53:31][2a1b6f] ajax_auth_response: (ERROR)Challenge not verified, exit

    (I have removed credentials, I think!)

    Is it obvious what the problem might be? Where can I look?

You must be logged in to reply to this topic.