Trying to register a YubiKey 5 NFC results in “an unhandled server error has occurred” after pressing the YubiKey button. I’m using a self-hosted installation of Bitwarden version 2.9.0 and following the instructions on https://help.bitwarden.com/article/setup-two-step-login-yubikey/.
The server log (bwdata/logs/api/Api) says something about an invalid base-64 string (see below).
I’m able to register the YubiKey as a ‘FIDO U2F’ key without any problems. But I want to use the NFC capabilities with my Android device, which is not available for FIDO U2F.
Is there anyone who can help me?
Thanks
Andreas
2019-03-16 17:37:19.315 +00:00 [Error] The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at YubicoDotNetClient.YubicoClient..ctor(String clientId, String apiKey)
at Bit.Core.Identity.YubicoOtpTokenProvider.ValidateAsync(String purpose, String token, UserManager`1 manager, User user) in /home/appveyor/projects/core/src/Core/Identity/YubicoOtpTokenProvider.cs:line 69
at Microsoft.AspNetCore.Identity.UserManager`1.VerifyTwoFactorTokenAsync(TUser user, String tokenProvider, String token)
at Bit.Api.Controllers.TwoFactorController.ValidateYubiKeyAsync(User user, String name, String value) in /home/appveyor/projects/core/src/Api/Controllers/TwoFactorController.cs:line 398
at Bit.Api.Controllers.TwoFactorController.PutYubiKey(UpdateTwoFactorYubicoOtpRequestModel model) in /home/appveyor/projects/core/src/Api/Controllers/TwoFactorController.cs:line 124
at lambda_method(Closure , Object )
at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at System.Threading.Tasks.ValueTask`1.get_Result()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
I am having the exact same problem with a YubiKey NEO. Getting the same exception in logs/api/Api:
2019-06-04 20:05:12.578 +00:00 [Error] The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
at System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
at System.Convert.FromBase64String(String s)
at YubicoDotNetClient.YubicoClient..ctor(String clientId, String apiKey)
at Bit.Core.Identity.YubicoOtpTokenProvider.ValidateAsync(String purpose, String token, UserManager`1 manager, User user) in /home/appveyor/projects/server/src/Core/Identity/YubicoOtpTokenProvider.cs:line 69
at Microsoft.AspNetCore.Identity.UserManager`1.VerifyTwoFactorTokenAsync(TUser user, String tokenProvider, String token)
at Bit.Api.Controllers.TwoFactorController.ValidateYubiKeyAsync(User user, String name, String value) in /home/appveyor/projects/server/src/Api/Controllers/TwoFactorController.cs:line 398
at Bit.Api.Controllers.TwoFactorController.PutYubiKey(UpdateTwoFactorYubicoOtpRequestModel model) in /home/appveyor/projects/server/src/Api/Controllers/TwoFactorController.cs:line 124
at lambda_method(Closure , Object )
at Microsoft.Extensions.Internal.ObjectMethodExecutorAwaitable.Awaiter.GetResult()
at Microsoft.AspNetCore.Mvc.Internal.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
at System.Threading.Tasks.ValueTask`1.get_Result()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeActionMethodAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeNextActionFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ActionExecutedContext context)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.InvokeInnerFilterAsync()
at Microsoft.AspNetCore.Mvc.Internal.ResourceInvoker.InvokeNextExceptionFilterAsync()
Yup, that was the issue when I experienced this error. It’s easy to forget about the need for the Yubico API key setup when you first set up self-hosting months ago and are only now looking to use it.
However, it would be great if that “not base64” error (which is actually referring to the globalSettings__yubico__key value in bwdata/env/global.override.env) could be better caught so as to display more than an anonymous ‘error’ when trying to add a key. A better message, with a link to the docs as above, would really help here.
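A pre-flight check for the setting named in the post above, as an added example that is not part of the thread and not Bitwarden's own code: it reads globalSettings__yubico__key from an env file and reports whether the value has the shape of a standard Base64 string, without printing the secret. The function names are hypothetical; the check covers format only, not whether Yubico accepts the key.

```shell
#!/bin/sh
# Added example (not Bitwarden code). Function names are hypothetical.

# Print the value of globalSettings__yubico__key from env file $1.
yubico_key_value() {
    # The last assignment wins; drop CRs left by Windows editors.
    sed -n 's/^globalSettings__yubico__key=//p' "$1" | tail -n 1 | tr -d '\r'
}

# Return 0 if the value looks like standard Base64, 1 if it does not,
# 2 if the setting is missing or empty. The key is never echoed.
check_yubico_key() {
    key=$(yubico_key_value "$1")
    if [ -z "$key" ]; then
        echo "globalSettings__yubico__key is missing or empty in $1" >&2
        return 2
    fi
    case $key in
        *[!A-Za-z0-9+/=]*)
            echo "key contains a character outside the Base64 alphabet" >&2
            return 1 ;;
    esac
    # The length must be a multiple of 4.
    if [ $(( ${#key} % 4 )) -ne 0 ]; then
        echo "key length ${#key} is not a multiple of 4" >&2
        return 1
    fi
    # At most two '=' characters, and only at the very end.
    body=${key%=}
    body=${body%=}
    case $body in
        *=*)
            echo "key has misplaced or excess '=' padding" >&2
            return 1 ;;
    esac
    echo "globalSettings__yubico__key has valid Base64 form"
    return 0
}

# Run the check when a file is given, e.g. bwdata/env/global.override.env
if [ "$#" -gt 0 ]; then
    check_yubico_key "$1"
fi
```

Run it against bwdata/env/global.override.env before enabling the YubiKey provider; a non-zero exit means the value needs correcting before registration is retried.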