dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Cannot add second PicoKey to Microsoft #185

New Issue
Closed
opened 2025-09-07 22:24:23 +08:00 by sst311212 · 11 comments
sst311212 commented 2025-09-07 22:24:23 +08:00 (Migrated from github.com)
Copy Link

No matter which one added first, the second one will not be able to add.

Waveshare RP2350-One

RequestData

{"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOMlQxaEpZbTl1UVU5a0lXOUpOQ3BZT0dsS1QxcHJTbFUzVlc1SFZUUk5WWEZpUzFsalJUTk5RemREVUNGeU9GbFdSblZEZUZkV2JYcFZPSE5wYm1aT1NtcHhOVlZuYVVGM1FVZHdVMFpPVkZVd2RrTTNTRFZTVm1KTVdDRXFTbXAwTmxOeUtrUkRjVlpvTnciLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAJV86ZDjKuNhnZWOX803Qnbum8DzyIcSbjwy4A9n0Ks8AiB5r_6-wZuWT7c41GQgGZA7aA3peDTklgqIE56vb8HvH2N4NWOBWQHKMIIBxjCCAWygAwIBAgIRAI0H1ZNEBzPfenuSQtYKXnswCgYIKoZIzj0EAwIwNDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCFBpY28gSFNNMRIwEAYDVQQDDAlQaWNvIEZJRE8wIBcNMjIwOTAxMDAwMDAwWhgPMjA3MjA4MzEyMzU5NTlaMDQxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhQaWNvIEhTTTESMBAGA1UEAwwJUGljbyBGSURPMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQRpCWY-ToPI-JQz-PGwE37BqTbfKhGlSSmcITHQ7migHb-fQbTz1qqS8Icj7ka9VB7W-cRHTJBzX115phqhUl6NdMFswCQYDVR0TBAIwADAdBgNVHQ4EFgQUiKzGxhowmBSTGayUknFgcVbSMncwHwYDVR0jBBgwFoAUiKzGxhowmBSTGayUknFgcVbSMncwDgYDVR0PAQH_BAQDAgKEMAoGCCqGSM49BAMCA0gAMEUCIFHeLD-ABUXcFRsjzHxYC8z3pLeLjH5rRLXZri7NRjPOAiEAzcn1n1wfaYqBaeZIKuf77DqMt_Bqc_HfXflF_CR527xoYXV0aERhdGFYxzVsntSgkyG5aV8er5GCA_G1X2idph-8lhhMFX3aaAyBxQAAACuiU0LAPNxEFI5G9IB_ylEcACjx0AIDAAAAAL8Na9D43IXwb8NUMT-bNQRhSu_rAaTt1miY230PZW_lpQECAyYgASFYIOQoA1ruPYsb12Vt7IbKPDdNJHAsd5agipHovXJXikIqIlgguFJiLw6esIfYeyVEPcuxHqAEGhZ4DazQPhBJmWvPcUqia2NyZWRQcm90ZWN0AWtobWFjLXNlY3JldPU\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"One","platform":"None","aaguid":"a25342c0-3cdc-4414-8e46-f4807fca511c","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"facc0e7af92b41a699a1f30b12cca215","scid":100109,"hpgid":201030}

ResponseData

{"apiCanary":"6ePegWlhLjx42oYKvVZ9WhuLa5QJM\/7FXdB8Ew2hFwqWcYT1VQV9FB4NOwZ4vN3FHxT4+RukP3zixGlKZ6mAm6A4nAQL8AcKeiAYvOnCT\/B+nJEYv6vq\/VrPQUEZ+BMzlT6iIPLIreXEURnLJqNevIC3vsfn8iKBcELrX9i9RVNgxDTWfBUaF\/PI3bHfsiaUysSA85EREMOYjxvrY4LiaNHBM7NsmVvr\/nh75\/8ihx+0A5daORNTjStfETl\/UMYS:2:3c","telemetryContext":"4Sm7ONJwUzVsuOMgDV7LcREWBk0+zEY0GsAvHakLrcIo6RPlTfeGlcTQaIy2FvCiyySNAK032JgbmjSyUydTus+HrJ2JFAl6MbfFrSmTYkF1RiU1RAAsJ31+2Hi1Kwr1BdR0u12I6681sRsrHau8gQ==:2:3","credentialIds":"[\"8dACAwAAAAC_DWvQ-NyF8G_DVDE_mzUEYUrv6wGk7dZomNt9D2Vv5Q\"]","isSingleDeviceCredentialAdded":true,"passkeyCredentials":[{"dateRegistered":"2025\/9\/7","displayProofName":"One","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/7","notificationsEnabled":false,"proofId":"8dACAwAAAAC_DWvQ-NyF8G_DVDE_mzUEYUrv6wGk7dZomNt9D2Vv5Q","proofType":"PassKey"}]}

Waveshare RP2350-Zero

RequestData

{"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOeE0xZFBZVW9oS2pRNVJ6Wk5ZVmN4ZWtWNGVDRmxRamxMYkRRaFZUaHpWVWxuZDJGTFZGbDNLa1ZYUlV4aWFHRlJZMDFzT0hsYU1DbzNNbXhTU1VOTFpuRjBUR05oWXpCd1ZtZElRbUZCVTJOQlRWUkRNVkpKY0Rsc1NXbFlkblp5YVZrNFlYbDJjM0ZrUXciLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAOS3gwSabKWrIBCe3XL8w36jCoHOKUR5tOqzfROZotI_AiA_hptoDSv2jfQh3eUfMVoY8LQNQ4S7hBUmD-04EucUo2N4NWOBWQHKMIIBxjCCAWugAwIBAgIQPTf7rBRdOz2moziOf7t32DAKBggqhkjOPQQDAjA0MQswCQYDVQQGEwJFUzERMA8GA1UECgwIUGljbyBIU00xEjAQBgNVBAMMCVBpY28gRklETzAgFw0yMjA5MDEwMDAwMDBaGA8yMDcyMDgzMTIzNTk1OVowNDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCFBpY28gSFNNMRIwEAYDVQQDDAlQaWNvIEZJRE8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATv0iQLZFar4AvAQfVzlddTkUfU5Y1gMu-13TUP6GghVRUGqiP1NaRCNzTVzaEuHYRzyl7RXjZiiDmWA-3QuyO2o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQB5kjJzk6nbUH1wnnU6DdNDnz27jAfBgNVHSMEGDAWgBQB5kjJzk6nbUH1wnnU6DdNDnz27jAOBgNVHQ8BAf8EBAMCAoQwCgYIKoZIzj0EAwIDSQAwRgIhALgQ3Q1cCfafDp9s80tfgOJbhdIXpC1ZFxb0ZYRWD-ibAiEAxnf0yUYisgtQCn3y_F-HShUIGfTtyatcltREQ1r3pupoYXV0aERhdGFYxzVsntSgkyG5aV8er5GCA_G1X2idph-8lhhMFX3aaAyBxQAAACKiU0LAPNxEFI5G9IB_ylEcACjx0AIDAAAAAEwxq2Xwc-ND2l_nqHdz432eNSE3vjoz1ZpZh1hCFdoipQECAyYgASFYILinfBJnE4B5g2VQ_YJS62YcI4f-yCM8akCEcysXkI4wIlgg2DI-Sr5x7d_Nlgng2AAVfu7XyJgzDF5dWv6cAYOkA0Sia2NyZWRQcm90ZWN0AWtobWFjLXNlY3JldPU\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"Zero","platform":"None","aaguid":"a25342c0-3cdc-4414-8e46-f4807fca511c","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"facc0e7af92b41a699a1f30b12cca215","scid":100109,"hpgid":201030}

ResponseData

{"error":{"code":"500","data":"","showError":true,"stackTrace":""}}
No matter which one added first, the second one will not be able to add. ## Waveshare RP2350-One ## ***RequestData*** ``` {"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOMlQxaEpZbTl1UVU5a0lXOUpOQ3BZT0dsS1QxcHJTbFUzVlc1SFZUUk5WWEZpUzFsalJUTk5RemREVUNGeU9GbFdSblZEZUZkV2JYcFZPSE5wYm1aT1NtcHhOVlZuYVVGM1FVZHdVMFpPVkZVd2RrTTNTRFZTVm1KTVdDRXFTbXAwTmxOeUtrUkRjVlpvTnciLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAJV86ZDjKuNhnZWOX803Qnbum8DzyIcSbjwy4A9n0Ks8AiB5r_6-wZuWT7c41GQgGZA7aA3peDTklgqIE56vb8HvH2N4NWOBWQHKMIIBxjCCAWygAwIBAgIRAI0H1ZNEBzPfenuSQtYKXnswCgYIKoZIzj0EAwIwNDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCFBpY28gSFNNMRIwEAYDVQQDDAlQaWNvIEZJRE8wIBcNMjIwOTAxMDAwMDAwWhgPMjA3MjA4MzEyMzU5NTlaMDQxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhQaWNvIEhTTTESMBAGA1UEAwwJUGljbyBGSURPMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQRpCWY-ToPI-JQz-PGwE37BqTbfKhGlSSmcITHQ7migHb-fQbTz1qqS8Icj7ka9VB7W-cRHTJBzX115phqhUl6NdMFswCQYDVR0TBAIwADAdBgNVHQ4EFgQUiKzGxhowmBSTGayUknFgcVbSMncwHwYDVR0jBBgwFoAUiKzGxhowmBSTGayUknFgcVbSMncwDgYDVR0PAQH_BAQDAgKEMAoGCCqGSM49BAMCA0gAMEUCIFHeLD-ABUXcFRsjzHxYC8z3pLeLjH5rRLXZri7NRjPOAiEAzcn1n1wfaYqBaeZIKuf77DqMt_Bqc_HfXflF_CR527xoYXV0aERhdGFYxzVsntSgkyG5aV8er5GCA_G1X2idph-8lhhMFX3aaAyBxQAAACuiU0LAPNxEFI5G9IB_ylEcACjx0AIDAAAAAL8Na9D43IXwb8NUMT-bNQRhSu_rAaTt1miY230PZW_lpQECAyYgASFYIOQoA1ruPYsb12Vt7IbKPDdNJHAsd5agipHovXJXikIqIlgguFJiLw6esIfYeyVEPcuxHqAEGhZ4DazQPhBJmWvPcUqia2NyZWRQcm90ZWN0AWtobWFjLXNlY3JldPU\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"One","platform":"None","aaguid":"a25342c0-3cdc-4414-8e46-f4807fca511c","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"facc0e7af92b41a699a1f30b12cca215","scid":100109,"hpgid":201030} ``` ***ResponseData*** ``` {"apiCanary":"6ePegWlhLjx42oYKvVZ9WhuLa5QJM\/7FXdB8Ew2hFwqWcYT1VQV9FB4NOwZ4vN3FHxT4+RukP3zixGlKZ6mAm6A4nAQL8AcKeiAYvOnCT\/B+nJEYv6vq\/VrPQUEZ+BMzlT6iIPLIreXEURnLJqNevIC3vsfn8iKBcELrX9i9RVNgxDTWfBUaF\/PI3bHfsiaUysSA85EREMOYjxvrY4LiaNHBM7NsmVvr\/nh75\/8ihx+0A5daORNTjStfETl\/UMYS:2:3c","telemetryContext":"4Sm7ONJwUzVsuOMgDV7LcREWBk0+zEY0GsAvHakLrcIo6RPlTfeGlcTQaIy2FvCiyySNAK032JgbmjSyUydTus+HrJ2JFAl6MbfFrSmTYkF1RiU1RAAsJ31+2Hi1Kwr1BdR0u12I6681sRsrHau8gQ==:2:3","credentialIds":"[\"8dACAwAAAAC_DWvQ-NyF8G_DVDE_mzUEYUrv6wGk7dZomNt9D2Vv5Q\"]","isSingleDeviceCredentialAdded":true,"passkeyCredentials":[{"dateRegistered":"2025\/9\/7","displayProofName":"One","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/7","notificationsEnabled":false,"proofId":"8dACAwAAAAC_DWvQ-NyF8G_DVDE_mzUEYUrv6wGk7dZomNt9D2Vv5Q","proofType":"PassKey"}]} ``` ## Waveshare RP2350-Zero ## ***RequestData*** ``` {"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOeE0xZFBZVW9oS2pRNVJ6Wk5ZVmN4ZWtWNGVDRmxRamxMYkRRaFZUaHpWVWxuZDJGTFZGbDNLa1ZYUlV4aWFHRlJZMDFzT0hsYU1DbzNNbXhTU1VOTFpuRjBUR05oWXpCd1ZtZElRbUZCVTJOQlRWUkRNVkpKY0Rsc1NXbFlkblp5YVZrNFlYbDJjM0ZrUXciLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEcwRQIhAOS3gwSabKWrIBCe3XL8w36jCoHOKUR5tOqzfROZotI_AiA_hptoDSv2jfQh3eUfMVoY8LQNQ4S7hBUmD-04EucUo2N4NWOBWQHKMIIBxjCCAWugAwIBAgIQPTf7rBRdOz2moziOf7t32DAKBggqhkjOPQQDAjA0MQswCQYDVQQGEwJFUzERMA8GA1UECgwIUGljbyBIU00xEjAQBgNVBAMMCVBpY28gRklETzAgFw0yMjA5MDEwMDAwMDBaGA8yMDcyMDgzMTIzNTk1OVowNDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCFBpY28gSFNNMRIwEAYDVQQDDAlQaWNvIEZJRE8wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATv0iQLZFar4AvAQfVzlddTkUfU5Y1gMu-13TUP6GghVRUGqiP1NaRCNzTVzaEuHYRzyl7RXjZiiDmWA-3QuyO2o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQB5kjJzk6nbUH1wnnU6DdNDnz27jAfBgNVHSMEGDAWgBQB5kjJzk6nbUH1wnnU6DdNDnz27jAOBgNVHQ8BAf8EBAMCAoQwCgYIKoZIzj0EAwIDSQAwRgIhALgQ3Q1cCfafDp9s80tfgOJbhdIXpC1ZFxb0ZYRWD-ibAiEAxnf0yUYisgtQCn3y_F-HShUIGfTtyatcltREQ1r3pupoYXV0aERhdGFYxzVsntSgkyG5aV8er5GCA_G1X2idph-8lhhMFX3aaAyBxQAAACKiU0LAPNxEFI5G9IB_ylEcACjx0AIDAAAAAEwxq2Xwc-ND2l_nqHdz432eNSE3vjoz1ZpZh1hCFdoipQECAyYgASFYILinfBJnE4B5g2VQ_YJS62YcI4f-yCM8akCEcysXkI4wIlgg2DI-Sr5x7d_Nlgng2AAVfu7XyJgzDF5dWv6cAYOkA0Sia2NyZWRQcm90ZWN0AWtobWFjLXNlY3JldPU\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"Zero","platform":"None","aaguid":"a25342c0-3cdc-4414-8e46-f4807fca511c","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"facc0e7af92b41a699a1f30b12cca215","scid":100109,"hpgid":201030} ``` ***ResponseData*** ``` {"error":{"code":"500","data":"","showError":true,"stackTrace":""}} ```
polhenarejos commented 2025-09-07 23:10:30 +08:00 (Migrated from github.com)
Copy Link

But is this allowed by MS?

But is this allowed by MS?
sst311212 commented 2025-09-07 23:17:03 +08:00 (Migrated from github.com)
Copy Link

Yes, the One I added into MS can use for login.

Yes, the `One` I added into MS can use for login.
polhenarejos commented 2025-09-08 00:38:15 +08:00 (Migrated from github.com)
Copy Link

Where do you get the logs from?

Where do you get the logs from?
sst311212 commented 2025-09-08 00:47:17 +08:00 (Migrated from github.com)
Copy Link

I use Charles Proxy to record HTTP Request, data is from this API.
https://account.live.com/API/Proofs/ProvisionPasskey

I use `Charles Proxy` to record HTTP Request, data is from this API. `https://account.live.com/API/Proofs/ProvisionPasskey`
polhenarejos commented 2025-09-08 01:48:15 +08:00 (Migrated from github.com)
Copy Link

Please steps to reproduce.

Please steps to reproduce.
sst311212 commented 2025-09-08 02:12:35 +08:00 (Migrated from github.com)
Copy Link

I have email you a video with subject Reproduce about failing add second Picokey to MS.

I have email you a video with subject `Reproduce about failing add second Picokey to MS`.
polhenarejos commented 2025-09-08 18:00:21 +08:00 (Migrated from github.com)
Copy Link

Did you try it with a Yubikey?

Did you try it with a Yubikey?
sst311212 commented 2025-09-08 18:05:43 +08:00 (Migrated from github.com)
Copy Link

Sadly, I don't have genuine Yubikey.
But I can add IdemKey to MS after adding any PicoKeys.

RequestData

{"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOb2VXRldSRzQ1VW13NGNGWnVkMkl6VWtaVVVTRXFXbkJZTUV0b2RGZzVURTR4VDFaSGIyMVpaRGRDTkRJMmN5RlZRMFExYW5CdFJ6Sm5jVzVxYWpWbmNHVnZhM2R4T1NGRmFWWnlOMUJvVjA5NWNYQnFaV1l5ZW10dk1sQkVUSFZyU1hCRFNIWTRiblJhUVEiLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgMDGrqG1dqU9_7ULy7auEHAOiRQSadOppc6CKdBgxfVUCIDfUmknAJCo67hivfc_ifmC6CdX98T7S3kh982UkbbqmY3g1Y4FZAmYwggJiMIICB6ADAgECAgEBMAoGCCqGSM49BAMCMDsxIDAeBgNVBAMMF0dvVHJ1c3QgRklETzIgUm9vdCBDQSAxMRcwFQYDVQQKDA5Hb1RydXN0SUQgSW5jLjAeFw0yMTAzMDQwOTMxMzRaFw00MTAyMjcwOTMxMzRaMIGsMS0wKwYDVQQDDCRHb1RydXN0IElkZW0gS2V5IEZJRE8yIEF1dGhlbnRpY2F0b3IxCzAJBgNVBAYTAlVTMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGdvdHJ1c3RpZC5jb20xCzAJBgNVBAcMAkNBMRcwFQYDVQQKDA5Hb1RydXN0SUQgSW5jLjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE6iNwKxcGkUz26So1d_eKycsgH04hmHavmZP5plP6xv23q9Wpu2oarDq8ABjqt0_MyiWI582aNHfVQ48Se_M4CjgYkwgYYwDAYDVR0TAQH_BAIwADAdBgNVHQ4EFgQUO8EhHBLZUqMrA8VbiNPqb30VLxgwHwYDVR0jBBgwFoAUY1sU6NRKt92a8Xyw1rLHXWw_72UwEwYLKwYBBAGC5RwCAQEEBAMCBDAwIQYLKwYBBAGC5RwBAQQEEgQQOxrbmQ3-Rv2QuH92FKTeKjAKBggqhkjOPQQDAgNJADBGAiEAtHVUGyeEADky44HX2JUTTqUVMPyhtncwbGhkLJ2KpsECIQDRWxkJ4rQXIkh07lMOjiUgxeBvCCdzWslNUTHQa9HnqWhhdXRoRGF0YViiNWye1KCTIblpXx6vkYID8bVfaJ2mH7yWGEwVfdpoDIHFAAAA9jsa25kN_kb9kLh_dhSk3ioAEKtAGG0zpvGkLGqN6Z0ALo-lAQIDJiABIVggwCp-M7OE2W48DvixtcelbvW6isBcymJQ553zwvJJkrwiWCCwbbCa_uVTAb4eCiAVEBQllI5GbeuZ0HUDs1E2YtR1G6FraG1hYy1zZWNyZXT1\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"IdemKey","platform":"None","aaguid":"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"c7278a6a7b38423a8d289c0402ef4209","scid":100109,"hpgid":201030}

ResponseData

{"apiCanary":"ynneXx\/zJryk8waJczOlb22G5QGFpB9eErDjOyuQyYoQ7QZaakUygj52mzJZW7cKTfCKpmpk6MHlyiZQUC+GrD2i4IMKey8IL2lYmrWtnGQeMDh+xfvC3jXUJM7k3l78vRZAskQ9dST4RoBq3T3A3pYlzzcGG4TWNco6IfPR8hQSkmrCrIQRj3sIgy96ROHzEyWrGulbafT7gamWczvlQIEEkIJ9Tq7tEn8K6Lo1mi8a1hh1X4hzk5RYXe6HJb5F:2:3c","telemetryContext":"hoD8u2odcqerwkzR9WNM3m7UeF+s62sggHJTGo8AKBXO3y7Ax+PFXhPS8H1EmiUobsY+ukwXQkX97aUJF6pI1Z9LT5KL7U1vxWCIKdaiAhzVgbg1YuAvr0wN7cR\/AP5s517CvD2byLZvyh7PpUus7A==:2:3","credentialIds":"[\"q0AYbTOm8aQsao3pnQAujw\",\"8dACAwAAAABK_YzcvcuI5CUlP6A85ghaJLnI9aqaBo0G-3fSMIJpnw\"]","isSingleDeviceCredentialAdded":true,"passkeyCredentials":[{"dateRegistered":"2025\/9\/8","displayProofName":"IdemKey","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/8","notificationsEnabled":false,"proofId":"q0AYbTOm8aQsao3pnQAujw","proofType":"PassKey"},{"dateRegistered":"2025\/9\/7","displayProofName":"One","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/8","notificationsEnabled":false,"proofId":"8dACAwAAAABK_YzcvcuI5CUlP6A85ghaJLnI9aqaBo0G-3fSMIJpnw","proofType":"PassKey"}]}
Sadly, I don't have genuine Yubikey. But I can add IdemKey to MS after adding any PicoKeys. ***RequestData*** ``` {"publicKeyCredentialJson":"{\"clientDataJSON\":\"eyJ0eXBlIjoid2ViYXV0aG4uY3JlYXRlIiwiY2hhbGxlbmdlIjoiTFVOb2VXRldSRzQ1VW13NGNGWnVkMkl6VWtaVVVTRXFXbkJZTUV0b2RGZzVURTR4VDFaSGIyMVpaRGRDTkRJMmN5RlZRMFExYW5CdFJ6Sm5jVzVxYWpWbmNHVnZhM2R4T1NGRmFWWnlOMUJvVjA5NWNYQnFaV1l5ZW10dk1sQkVUSFZyU1hCRFNIWTRiblJhUVEiLCJvcmlnaW4iOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdC5jb20iLCJjcm9zc09yaWdpbiI6ZmFsc2V9\",\"attestationObject\":\"o2NmbXRmcGFja2VkZ2F0dFN0bXSjY2FsZyZjc2lnWEYwRAIgMDGrqG1dqU9_7ULy7auEHAOiRQSadOppc6CKdBgxfVUCIDfUmknAJCo67hivfc_ifmC6CdX98T7S3kh982UkbbqmY3g1Y4FZAmYwggJiMIICB6ADAgECAgEBMAoGCCqGSM49BAMCMDsxIDAeBgNVBAMMF0dvVHJ1c3QgRklETzIgUm9vdCBDQSAxMRcwFQYDVQQKDA5Hb1RydXN0SUQgSW5jLjAeFw0yMTAzMDQwOTMxMzRaFw00MTAyMjcwOTMxMzRaMIGsMS0wKwYDVQQDDCRHb1RydXN0IElkZW0gS2V5IEZJRE8yIEF1dGhlbnRpY2F0b3IxCzAJBgNVBAYTAlVTMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QGdvdHJ1c3RpZC5jb20xCzAJBgNVBAcMAkNBMRcwFQYDVQQKDA5Hb1RydXN0SUQgSW5jLjEiMCAGA1UECwwZQXV0aGVudGljYXRvciBBdHRlc3RhdGlvbjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABE6iNwKxcGkUz26So1d_eKycsgH04hmHavmZP5plP6xv23q9Wpu2oarDq8ABjqt0_MyiWI582aNHfVQ48Se_M4CjgYkwgYYwDAYDVR0TAQH_BAIwADAdBgNVHQ4EFgQUO8EhHBLZUqMrA8VbiNPqb30VLxgwHwYDVR0jBBgwFoAUY1sU6NRKt92a8Xyw1rLHXWw_72UwEwYLKwYBBAGC5RwCAQEEBAMCBDAwIQYLKwYBBAGC5RwBAQQEEgQQOxrbmQ3-Rv2QuH92FKTeKjAKBggqhkjOPQQDAgNJADBGAiEAtHVUGyeEADky44HX2JUTTqUVMPyhtncwbGhkLJ2KpsECIQDRWxkJ4rQXIkh07lMOjiUgxeBvCCdzWslNUTHQa9HnqWhhdXRoRGF0YViiNWye1KCTIblpXx6vkYID8bVfaJ2mH7yWGEwVfdpoDIHFAAAA9jsa25kN_kb9kLh_dhSk3ioAEKtAGG0zpvGkLGqN6Z0ALo-lAQIDJiABIVggwCp-M7OE2W48DvixtcelbvW6isBcymJQ553zwvJJkrwiWCCwbbCa_uVTAb4eCiAVEBQllI5GbeuZ0HUDs1E2YtR1G6FraG1hYy1zZWNyZXT1\"}","isPlatformKey":0,"isCredBackupEligible":0,"isCredBackedup":0,"friendlyName":"IdemKey","platform":"None","aaguid":"3b1adb99-0dfe-46fd-90b8-7f7614a4de2a","sId":"Account_ProofManagement","uiflvr":1001,"uaid":"c7278a6a7b38423a8d289c0402ef4209","scid":100109,"hpgid":201030} ``` ***ResponseData*** ``` {"apiCanary":"ynneXx\/zJryk8waJczOlb22G5QGFpB9eErDjOyuQyYoQ7QZaakUygj52mzJZW7cKTfCKpmpk6MHlyiZQUC+GrD2i4IMKey8IL2lYmrWtnGQeMDh+xfvC3jXUJM7k3l78vRZAskQ9dST4RoBq3T3A3pYlzzcGG4TWNco6IfPR8hQSkmrCrIQRj3sIgy96ROHzEyWrGulbafT7gamWczvlQIEEkIJ9Tq7tEn8K6Lo1mi8a1hh1X4hzk5RYXe6HJb5F:2:3c","telemetryContext":"hoD8u2odcqerwkzR9WNM3m7UeF+s62sggHJTGo8AKBXO3y7Ax+PFXhPS8H1EmiUobsY+ukwXQkX97aUJF6pI1Z9LT5KL7U1vxWCIKdaiAhzVgbg1YuAvr0wN7cR\/AP5s517CvD2byLZvyh7PpUus7A==:2:3","credentialIds":"[\"q0AYbTOm8aQsao3pnQAujw\",\"8dACAwAAAABK_YzcvcuI5CUlP6A85ghaJLnI9aqaBo0G-3fSMIJpnw\"]","isSingleDeviceCredentialAdded":true,"passkeyCredentials":[{"dateRegistered":"2025\/9\/8","displayProofName":"IdemKey","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/8","notificationsEnabled":false,"proofId":"q0AYbTOm8aQsao3pnQAujw","proofType":"PassKey"},{"dateRegistered":"2025\/9\/7","displayProofName":"One","isSingleDeviceCredential":true,"lastUsedDate":"2025\/9\/8","notificationsEnabled":false,"proofId":"8dACAwAAAABK_YzcvcuI5CUlP6A85ghaJLnI9aqaBo0G-3fSMIJpnw","proofType":"PassKey"}]} ```
polhenarejos commented 2025-09-10 04:36:38 +08:00 (Migrated from github.com)
Copy Link

It’s hard to figure out what’s going on Microsoft’s backend without a more explicit message. It’s even harder by the fact that the 1st key can be registered without problems but not the 2nd, no matter the order.

It’s hard to figure out what’s going on Microsoft’s backend without a more explicit message. It’s even harder by the fact that the 1st key can be registered without problems but not the 2nd, no matter the order.
sst311212 commented 2025-09-10 19:59:46 +08:00 (Migrated from github.com)
Copy Link

I think the problem is CRED_PROTO_RESIDENT, all PicoKeys use the same 4 Bytes make MS thought is identical Key.
Therefore, I change CRED_PROTO_RESIDENT string to YUBI on another PicoKey, then I can add this key to MS.

#define CRED_PROTO_21_S                     "\xf1\xd0\x02\x01"
#define CRED_PROTO_22_S                     "\xf1\xd0\x02\x02"
#define CRED_PROTO_23_S                     "\xf1\xd0\x02\x03"
#define CRED_PROTO_YB_S                     "YUBI"

#define CRED_PROTO                          CRED_PROTO_22_S

#define CRED_PROTO_LEN                      4
#define CRED_IV_LEN                         12
#define CRED_TAG_LEN                        16
#define CRED_SILENT_TAG_LEN                 16

#define CRED_PROTO_RESIDENT                 CRED_PROTO_YB_S
#define CRED_PROTO_RESIDENT_LEN             4
#define CRED_RESIDENT_HEADER_LEN            (CRED_PROTO_RESIDENT_LEN + 4)
#define CRED_RESIDENT_LEN                   (CRED_RESIDENT_HEADER_LEN + 32)
I think the problem is `CRED_PROTO_RESIDENT`, all `PicoKeys` use the same 4 Bytes make MS thought is identical Key. Therefore, I change `CRED_PROTO_RESIDENT` string to `YUBI` on another `PicoKey`, then I can add this key to MS. ``` #define CRED_PROTO_21_S "\xf1\xd0\x02\x01" #define CRED_PROTO_22_S "\xf1\xd0\x02\x02" #define CRED_PROTO_23_S "\xf1\xd0\x02\x03" #define CRED_PROTO_YB_S "YUBI" #define CRED_PROTO CRED_PROTO_22_S #define CRED_PROTO_LEN 4 #define CRED_IV_LEN 12 #define CRED_TAG_LEN 16 #define CRED_SILENT_TAG_LEN 16 #define CRED_PROTO_RESIDENT CRED_PROTO_YB_S #define CRED_PROTO_RESIDENT_LEN 4 #define CRED_RESIDENT_HEADER_LEN (CRED_PROTO_RESIDENT_LEN + 4) #define CRED_RESIDENT_LEN (CRED_RESIDENT_HEADER_LEN + 32) ```
polhenarejos commented 2025-09-11 17:32:30 +08:00 (Migrated from github.com)
Copy Link

I pushed a fix for this. I tested with MS and Bitwarden and both work smoothly. As usual, nightly available tomorrow.

I pushed a fix for this. I tested with MS and Bitwarden and both work smoothly. As usual, nightly available tomorrow.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
dearsky
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: dearsky/pico-fido#185
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?