bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Login to subscription sites Bitwarden requires login with master password instead of unlock using biometrics #8693

Open Jack15911 opened 7 months ago

Jack15911 commented 7 months ago

Steps To Reproduce

  1. Go to a subscription site with iPhone/Safari and Bitwarden available (logged in, locked normally) to log in. If already logged in, either log out or clear cookies. In my case this happened with both Washington Post and New York Times (NYT). Then attempt to log in. On the NYT login site, it's the "Login or create account" page.
  2. Click in the email address blank, which opens a password prompt just above the keyboard, "password for www.newyorktimes.com - Bitwarden <>." Select that.
  3. The Bitwarden login page pops up, with a warning in red, "Autofill biometric unlock for this account is disabled pending verification of master password."
  4. I did not choose to enter my master password, but instead closed the Bitwarden login window that had the warning, and that opened the normal NYT login window again.
  5. I closed the NYT login window and clicked on the Bitwarden app on the iPhone. It unlocked using FaceID. I copied UID and password in turn from Bitwarden and pasted into NYT login page. I logged in successfully.
  6. I then repeated this process by logging out of the Washington Post and had the same problem with the same warning, and logged in successfully by copy/paste from Bitwarden.

Expected Result

I would expect step 2 above would open a Bitwarden unlock page which would then unlock using FaceID biometrics.

Actual Result

Instead of opening an unlock page that would verify me biometrically using FaceID, Bitwarden opened a Login page and required the master password.

Screenshots or Videos

No response

Additional Context

No response

Operating System

iOS

Operating System Version

17.4.1

Web Browser

Safari

Browser Version

17.4.1, presumably

Build Version

2024.2.1 (6741)

Issue Tracking Info

Neonwarden commented 7 months ago

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!

Jack15911 commented 1 week ago

Appears to function adequately with iOS using Bitwarden 2024.9.2 (1106) using iOS Version 17.6.1. It may not be completely resolved, however: Bitwarden pops up and requests a full password, but then that request is overridden by biometric/FaceID imagery and Bitwarden finds and copies the UID and PWD. I don't know how integrated it's supposed to look.