Forcing another session to log out does not support WebAuthn

[cendyne]

Steps to reproduce

Where are you starting? What can you see?

User Settings -> Security -> My Sessions -> Tap on a session -> Tap on "Sign out this session"

Then, by coincidence, it requires me to re-authenticate with my social identity provider, in this case GitHub.

GitHub then requires me to use my security key, because I use 2FA with GitHub.

I tap the use security key button in the web page.
It says "authentication failed", despite using it earlier to sign into this device.

---

Other notes:

I have experienced this with the Cisco AnyConnect app. We had to change our configuration so the iOS app uses a slightly different web view technology.

Something about how SFSafariWebView

Apple Documentation: ASWebAuthenticationSession

Yubico: No reaction when using WebAuthn on macOS, iOS and iPadOS

Apple: Meet Face ID and Touch ID for the Web

Element has no control on what or how the scripts run on a social login provider. This issue likely will only be resolved by switching the web view technology that comes up when tapping "Sign out this session".

Outcome

What did you expect?

I expect to be able to use my security key to authenticate with GitHub and then return to Element's UI to remove the session.

What happened instead?

I was blocked

Your phone model

iPhone 13 Pro Max

Operating system version

17.0.3

Application version

No response

Homeserver

No response

Will you send logs?

Yes

[cendyne]

Rage shaking was not recognized during this flow. I am unable to submit logs with that method. Here's a screenshot at least.

Again, the issue is: The way Element iOS is creating this webview prevents successful use of WebAuthn security keys. This is not a case where my security key failed. I was never prompted to bring my security key to the device.