I was trying to add a new security key at NVIDIA Account. After giving it a name and tapping the key (YubiKey 5 NFC) while it was blinking, I was presented with a success pop-up but an ‘Invalid Request’ warning in the back:
After clicking on ok, I was redirected to https://accounts.nvgs.nvidia.com/api/1/frontend/dialog/auth/factor/setup/finalize, where there was another error message:
Could you please look into this issue? Thank you!
Hello,
Welcome to the forums. I have forwarded your issue to the team that manages the authentication platform.
Thanks for your patience as this issue is investigated.
Hi @FrederickZh,
The team tried to replicate your problem. Unfortunately, they could not find any issue. No other reports of this have been received, so it may be something in your environment. Are you attempting to navigate around the state flow with the back button?
Hi Tom,
I realised that the website now requires Resident Keys.
POST https://accounts.nvgs.nvidia.com/api/1/frontend/dialog/auth/factor/setup/initialize
Status 200
Response
{
"publicKeyCredentialCreationOptions": {
"rp": {
"id": "login.nvgs.nvidia.com",
"name": "NVIDIA",
"icon": "https://www.nvidia.com/favicon.ico"
},
// ...
}
Then
POST https://accounts.nvgs.nvidia.com/api/1/frontend/dialog/auth/factor/setup/finalize
Status 400
Request
{
"authPolicy": "System",
"value": {
"requireResidentKey": true,
"publicKeyCredential": {
// ...
},
},
// ...
}
I did not set a PIN for the FIDO2 applet of my YubiKey, so AFAIU it doesn’t allow resident keys in FIDO2 mode.
Since the website asks for users’ passwords anyway, like emails and authenticator apps, I think I should be able to use my YubiKey solely as a second factor, like it used to be (I registered one successfully in the past). It can recommend using RPs, but should not require them.