When an account has both passkeys and TOTP enrolled, the Ente server returns passkeySessionID + twoFactorSessionIDV2 (deliberately not the V1 twoFactorSessionID field, so old clients keep using passkeys). quak only checked the V1 field, saw the passkey session, and threw 'Passkey authentication is not supported'. A CLI cannot do WebAuthn, so it must take the TOTP path via the V2 session ID.
14 KiB
14 KiB