Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incomplete Passkey integration regarding the macOS iCloud keychain #2606

Closed
1 of 3 tasks
filiptronicek opened this issue Nov 11, 2023 · 11 comments
Closed
1 of 3 tasks

Incomplete Passkey integration regarding the macOS iCloud keychain #2606

filiptronicek opened this issue Nov 11, 2023 · 11 comments
Labels
bug

Comments

@filiptronicek
Copy link

OS/Platform

macOS

Installed

https://ungoogled-software.github.io/ungoogled-chromium-binaries/

Version

118.0.5993.117

Have you tested that this is not an upstream issue or an issue with your configuration?

  • I have tried reproducing this issue in Chrome and it could not be reproduced there
  • I have tried reproducing this issue in vanilla Chromium and it could not be reproduced there
  • I have tried reproducing this issue in ungoogled-chromium with a new and empty profile using --user-data-dir command line argument and it could not be reproduced there

Description

iCloud keychain Passkey integration does not work

How to Reproduce?

  1. Visit https://www.passkeys.io/ and make sure you have a passkey for it saved inside your keychain (the best way I know of is using Safari and creating an identity there)
  2. Click Sign in with a passkey and observe the modal

Actual behaviour

You always get prompted to "Use a passkey from another device"
image

Expected behaviour

The modal includes ready-to-use credentials from your iCloud keychain

image

Relevant log output

No response

Additional context

I believe Chromium would first need to request permission, just like Chrome does.

image

Also, the item exists in the settings and is switched on by default.

image
@khanhmuy
Copy link

FIDO Passkey integration seems to be non-existent for now from my experience, can confirm the same behavior when trying to use passkey authentication with Bitwarden

@delicon
Copy link

delicon commented Dec 19, 2023

Same issue here.
Any news about this?

@RobusK
Copy link

RobusK commented Mar 13, 2024

+1, stumbled upon this today

@sebastianlivoni
Copy link

sebastianlivoni commented Mar 14, 2024
edited
Loading

This is due unsigned builds and the missing entitlement: com.apple.developer.web-browser.public-key-credential.
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential?changes=_3

In order for Ungoogled Chromium to use and lookup passkeys in iCloud Keychain a "Request the macOS Web Browser Public Key Credential Entitlement" is required. See here: https://developer.apple.com/contact/request/macos-browsers-passkeys/

I do not see any other way than someone with a valid Apple Developer Account requesting the entitlement from Apple and then build it with the entitlement.

@Gryzle
Copy link

Gryzle commented Mar 26, 2024

I do not see any other way than someone with a valid Apple Developer Account requesting the entitlement from Apple and then build it with the entitlement.

Would it be possible to integrate a personal developer account to accomplish this?

@sebastianlivoni
Copy link

Would it be possible to integrate a personal developer account to accomplish this?

I think personal developer accounts are allowed to request this entitlement.

@Gryzle
Copy link

Gryzle commented Mar 26, 2024

Would it be possible to integrate a personal developer account to accomplish this?

I think personal developer accounts are allowed to request this entitlement.

I have both a paid dev account, I'm just wondering if it's possible to add the entitlement to this project in a way that could be updated..?

@networkException
Copy link
Member

Signed builds are generated automatically in https://github.com/claudiodekker/ungoogled-chromium-binaries. Perhaps opening an issue to add whatever metadata is needed there is helpful

The builds will also land on the binary contributors page soon I hope

@Cubik65536
Copy link
Member

I have both a paid dev account, I'm just wondering if it's possible to add the entitlement to this project in a way that could be updated..?

Personally, I would be happy to see if someone could sponsor an dev license for Ungoogled-Chromium macOS. But we still need to discuss how this will be organized... Directly sign our software with some individual's account is definitely not a great approach in some ways...

Signed builds are generated automatically in claudiodekker/ungoogled-chromium-binaries. Perhaps opening an issue to add whatever metadata is needed there is helpful

https://github.com/claudiodekker/ungoogled-chromium-binaries is a good alternative to get signed UGC macOS in the meantime, and it should be updated with our official repo.

@Cubik65536
Copy link
Member

And related issue: ungoogled-software/ungoogled-chromium-macos#93

@PF4Public
Copy link
Contributor

I have an impression that this issue is principally unfixable by us, should we close it as such?

@RobusK RobusK mentioned this issue Apr 27, 2024
Closed
@PF4Public PF4Public closed this as not planned Won't fix, can't repro, duplicate, stale Sep 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@delicon @RobusK @PF4Public @sebastianlivoni @filiptronicek @networkException @Gryzle @khanhmuy @Cubik65536