Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Passkey support #4239

Open
1 task done
Molenaar2 opened this issue Nov 6, 2024 · 14 comments
Open
1 task done

Passkey support #4239

Molenaar2 opened this issue Nov 6, 2024 · 14 comments
Labels

Comments

@Molenaar2
Copy link

Steps To Reproduce

I have two accounts for my UBank app, both accounts have a passkey defined. One account sits in my own vault, the other account sits in the organisation I belong to.

When I try to log in to the app, I get an error that the passkey operation failed, because the user could not be verified. In the previous non-native version of Bitwarden I got a pop-up showing the two passkeys (unfortunately not the user IDs!) and I could select the passkey/account I wanted to use. With the new native version, due to the error, I can no longer login.

Expected Result

Logged in to banking app

Actual Result

Error message that passkey operation failed because user could not be verified

Screenshots or Videos

My banking app doesn't allow to make screenshots

Additional Context

The non native version showed a pop-up with three two passkeys and I could select the one to be used (note, it showed the passkeys, unfortunately not the user IDs) Now in the native version it gives an error.

Build Version

2024.10.2

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

Samsung Galaxy A34
Android 14

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@Molenaar2 Molenaar2 added the bug label Nov 6, 2024
@bitwarden-bot
Copy link

Thank you for your report! We've added this to our internal board for review.
ID: PM-14534

@Felitendo
Copy link

Same issue for me. I can login with passkeys, but I can't create them

@Molenaar2
Copy link
Author

Duplicate of #3866, will close this one

@BJReplay
Copy link

@Molenaar2 I think you should consider re-opening this issue - it is a more up to date description of the problem - my issue is a bit older, and so starts off describing an older issue, whereas yours describes what I believe to be the current issue - and the issues the Bitwarden team need to address:

  1. the user could not be verified
  2. failure to display the username, just the cipher

@Molenaar2
Copy link
Author

Reopened as advised by @BJReplay

@Molenaar2 Molenaar2 reopened this Nov 11, 2024
@cipavlou
Copy link

Also having this issue - cannot login with my passkey. Worked in non-native but doesn't work in native. Have just the one passkey

@BJReplay
Copy link

BJReplay commented Nov 16, 2024

Also have this issue. One account, one passkey. Samsung S22U A14 - works in legacy but not native.

@Tasqa
Copy link

Tasqa commented Nov 24, 2024

I also ran into this issue on Version: 2024.11.6 (19499)

Even though the Bitwarden settings said the session timeout was 15min it immediately logged out, causing this bug. Because the native passkey UV is not shown when there is not session. I reconfirmed the session timeout to 15 minutes and now the user verification does show properly and I can login.

@Molenaar2
Copy link
Author

@Tasqa sorry, I'm not sure I understand your comment. Are you able to login to UBank via a passkey stored in Bitwarden by increasing the session timeout in the new native Bitwarden app for Android to 15 minutes? I have tried that as well and that does not make a difference. We are still not able to login to UBank.

@lindhe
Copy link

lindhe commented Nov 27, 2024

Can we get a better title on this issue? I skipped over it because it looked so generic, but it is in fact a specific and important bug report.

@kmahyyg
Copy link

kmahyyg commented Dec 26, 2024

Hi team,

I think #4385 shouldn't be closed, this is actually another bug should be considered as a sub-issue.

As I've met the same issue on the official client for a long time.

To have a reproducible bug report, please follow the following steps to reproduce:

Version: 2024.12.0 (19597) on Android 15
Device: OnePlus 12 running OxygenOS 15

To reproduce:

  • Set session lockout time to "immediate"
  • Go back to Chrome and make sure system auto-fill settings are configured as instructed.
  • Set bitwarden as passkeys provider and enabled auto-fill.
  • Now the vault should be locked
  • Go to GitHub.com and choose login with passkeys
  • Choose auto-fill button on keyboard and unlock as UI shown
  • Confirm Passkeys request in bitwarden
  • Then will fail and show pop-up: "user couldn't be verified"

Temporary workaround:

  • Set session timeout to ones other than "immediate" and make sure to unlock vault in app before you call it.

@cbbit

@kmahyyg
Copy link

kmahyyg commented Dec 26, 2024

It seems also a race-condition issue looks similar like #4408 .

@Molenaar2
Copy link
Author

@kmahyyg just to make sure, the steps to reproduce you provide above, are related to #4385, and have nothing/not as much to do with the defect reported in this issue, as my vault is not locked at all when the system prevents me to login to UBank with a passkey. Probably good to add the steps to reproduce to #4385

@kmahyyg
Copy link

kmahyyg commented Dec 26, 2024

@kmahyyg just to make sure, the steps to reproduce you provide above, are related to #4385, and have nothing/not as much to do with the defect reported in this issue, as my vault is not locked at all when the system prevents me to login to UBank with a passkey. Probably good to add the steps to reproduce to #4385

Only gods know which issue is correct. This issue is covering a more broad topic, and both issues share the same error message.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

8 participants