[Linux/Fedora] Browser biometrics integration is not working

mihalyr commented 3 days ago

Steps To Reproduce

Go to settings
Enable unlock with biometrics
Links with desktop app
Open settings again and check the biometrics setting

Expected Result

biometrics enabled and working

Actual Result

biometrics not enabled
trying again it will show enabled, but leaving settings and opening it again it is reset to disabled, cannot enable it

Screenshots or Videos

No response

Additional Context

I'm not sure if this is even supposed to work under Linux, when I first time click to enable it shows me the pass phrase to connect the desktop app, I allow it in the desktop app, go back to the browser and go to the settings it wills show disabled again, then I click to enable again, it will show enabled and a new option appears to underneath, but when I leave the settings and come back again it is reset to disabled again. I am not sure how this supposed to work, but seemingly the option does not do anything.

Operating System

Linux

Operating System Version

Fedora 40

Web Browser

Firefox

Browser Version

130

Build Version

2024.9.0

Issue Tracking Info

[X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

quexten commented 2 days ago

Hi @mihalyr , yes, biometrics has been tested to work on Fedora with Firefox. However, support depends on a few things (which we should probably better present to the user, and the error messaging should definitely be better than what you have encountered).

Since you are on Fedora, could you let me know:

Browser installation type (Flatpak/.rpm)
Bitwarden desktop installation type (Flatpak/.rpm/appimage)

mihalyr commented 1 day ago

Hi @quexten I use Firefox from the distro RPM (Fedora 40 Sericea - rpm-ostree based) and the desktop app is from your website an AppImage.

quexten commented 1 day ago

Interesting, my first thought was that there is an issue of browser <-> desktop communication (in snap/flatpak this is not supported yet for instance). But since this is fedora sericea, there might be a few other issues. Is biometric unlock in just the desktop app (without involving any browser) working for you?

I think the following problems could occur: Currently biometric unlock relies on polkit and libsecret. On gnome/kde these come with the DE, but on sway programs providing these (polkit agent, and something like gnome-keyring) might need to be installed? (I do not know about Fedora Atomic, but that's how it is on Arch).

Further, since Sericea is atomic, can Bitwarden desktop even modify the polkit files (to add the bitwarden polkit unlock policy) (since they are immutable?), or does an ostree need to be created here?

mihalyr commented 1 day ago

I've got an interesting reply from your colleague on another issue where they state that biometrics on Linux desktop is not supposed to work: https://github.com/bitwarden/clients/issues/11052#issuecomment-2357772981

If that is the case, then I assume this explains why it won't work with the browser extension either. But doesn't give me an error just silently disables the option. It would be perhaps nicer if either the desktop app or extension would show me some error that the functionality is not available on my system. Or not even show that option. But it's just a small thing, I can ignore it if it's not there yet, I just installed the desktop app and tried out various options to see how they work.

bitwarden / clients