search

bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com
Other
9.01k stars 1.18k forks source link

Bitwarden doesn't recognize it has a passkey to offer to LinkedIn.com #7545

Open chrissv opened 8 months ago

chrissv commented 8 months ago

Steps To Reproduce

This was discovered when I was testing if #7302 was resolved. That issue is not occurring, but there is a new issue.

  1. Logging in to LinkedIn.com using username/password, I went to "Settings" and "Sign in & Security" and created a passkey in Bitwarden (I am using the passkey saved as part of finding #7302 )
  2. I verified Bitwarden shows a passkey stored for linkedin.com
  3. Log out of LinkedIn
  4. Go to LinkedIn login page: https://www.linkedin.com/login
  5. Click "Sign in with a passkey"

Expected Result

Bitwarden offers to serve up the saved passkey for login

Actual Result

Bitwarden popup says "No passkeys found for this application"

Screenshots or Videos

At the signin page, prior to logging in, Bitwarden recognizes I have a vault entry for LinkedIn. Clicking the BW icon shows this:

image

Viewing the entry, I confirm a passkey is saved:

image

This is the sign-in page:

image

This is the popup when "Sign in with a passkey" is clicked

image

Additional Context

No response

Operating System

Windows

Operating System Version

10.0.19045 Build 19045

Web Browser

Chrome

Browser Version

120.0.6099.200 (Official Build) (64-bit)

Build Version

2024.1.0

Issue Tracking Info

Greenderella commented 8 months ago

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

chrissv commented 7 months ago

I recreated the issue by adding a separate entry for LinkedIn (so I have two for the same site - I didn't want to blow away my original entry).

Then I went to LinkedIn security and clicked to add a new passkey. BW correctly recognized the attempt, and asked me which BW entry I was saving this passkey to (because I have 2 entries). I selected the new one.

When I executed the steps above, BW still said there are no passkeys available.

I have no other context to add, sorry.

Greenderella commented 7 months ago

Hi @chrissv, after some investigation the team arrived to the conclusion that this happens because some pages, like LinkedIn, implemented passkeys using a method that asks the browser to mediate requests through a conditional UI, that behaves likes a passkey autofill.

Bitwarden is exploring different ways to handle this kind of requests: https://github.com/bitwarden/clients/pull/7892

If everything goes as expected, you should be able to use passkeys for LinkedIn once support for this kind of requests gets implemented.

We thank you for bringing this to our attention, and for your understanding!

chrissv commented 7 months ago

That's great news! As a SW developer myself, I know that finding and reproducing the issue is 90% of the battle!

escape0707 commented 2 months ago

I'm having the same issue with discord.com now.

clavelm commented 1 month ago

I'm having the same issue with discord.com now.

So, for Discord, you can’t use the passkey directly from the login page: login page

no passkey matching

But after filling the authentication fields and hitting the "Log In" button, the next screen offers to use the passkey and this time it’s working: Authenticate with passkey

passkey found

(I have also a TOTP set, it may have an impact on reaching that second screen?)

escape0707 commented 1 month ago

@clavelm I can confirm your discovery, although what I want is to completely avoid using password.

clavelm commented 1 month ago

@clavelm I can confirm your discovery, although what I want is to completely avoid using password.

Sure, it's just a workaround by adding a step. Let's hope that it's the same thing that LinkedIn and will be working with #7892