iOS - Using custom OAuth2 that signs in via Entra ID, passkey saved in authenticator app is not available to sign in #38734

@trimacdo

Description:

I am currently using Authentik as my OIDC/OAuth2 provider. I've followed the documentation outlined here:
https://integrations.goauthentik.io/chat-communication-collaboration/rocketchat/

I am using Entra ID to sign into authentik.

When I go to sign into my Rocket.Chat tenant via the iOS app, and choose my SSO login, it opens the Entra ID

Steps to reproduce:

  1. Set up Custom OAuth2 Provider in Rocket.Chat for Authentik as per documentation above
  2. Install latest iOS Rocket.Chat app -> enter tenant info -> choose SSO login button
  3. Redirect to Entra ID sign in -> Choose Face, Fingerprint, PIN or Security Key -> "Your device will open a security window" appears for a second (normally this would be where it would redirect to authenticator app) -> Receive error message "We couldn't sign you in, Something went wrong when trying to sign in with a passkey."

Expected behavior:

On Entra ID sign in redirect within iOS App -> Choose Face, Fingerprint, PIN or Security Key -> App opens a security window to choose my passkey for my Entra ID account in my authenticator app.

Actual behavior:

Redirect to Entra ID sign in -> Choose Face, Fingerprint, PIN or Security Key -> "Your device will open a security window" appears for a second (normally this would be where it would redirect to authenticator app) -> Receive error message "We couldn't sign you in, Something went wrong when trying to sign in with a passkey."

Server Setup Information:

  • Version of Rocket.Chat Server: 8.1.0
  • License Type: Starter
  • Number of Users: 1 [testing environment]
  • Operating System: Linux Debian 13.1
  • Deployment Method: docker compose
  • Number of Running Instances: 1
  • DB Replicaset Oplog: Mongo
  • NodeJS Version: 22.16.0 - x64 [container]
  • MongoDB Version: 8.2.4 [container]

Client Setup Information

  • iOS App: 4.69.0.108207
  • Operating System: iOS 26.3

Additional context

If I open my tenant via a web browser on my phone, it redirects properly and allows me to use my passkey as expected. The issue is specifically for the iOS app. I have not tested Android.

Relevant logs

N/A
