gitlab.com login with Safari doesn't allow U2F authentication
Summary
When logging into gitlab.com using Safari, authentication with a security key does not work. After entering login and password for an account, GitLab will prompt for a second factor. Normally, there is the option of either entering the Two-factor authentication code from an app (e.g. Google Authenticator) or to plug in and use a Security Key. When using Chrome, both options are shown. When using Safari, only the option for a Two-factor authentication code is show. This makes it impossible to use security keys with Safari for GitLab.
Steps to reproduce
- Add a security key for a GitLab account using Chrome (or another supported browser). Tested with a Yubikey 5Ci, but also reported with other Yubikeys.
- Launch a recent version of Safari. Safari supports WebAuthn/U2F since version 13. Tested on 13.0.1 Mac OS X 10.15 Beta (19A578c) as well as the latest technology preview.
- Log into gitlab.com with user name and password.
At this point, only the option for an authentication code is shown. See attached screen shot.
Original bug report was received from one of our customers and verified by the support team here at Yubico.
Edited by Guido Appenzeller