
What does your feature entail? What is it for? How will it affect existing workflows or user experience?

It's kind of a dealbreaker for me right now that Orion doesn't have full passkey support. If I need to sign in to a website that I have a passkey saved on my iPhone for, I wouldn't be able to, since it doesn't give me the choice. The picture above is the prompt that shows on Orion when using FIDO2; note the lack of an option for a passkey.

What are the exact ways that you see a user using your proposed feature? Please go into as much detail as possible, and provide examples of how other browsers/apps implement this feature, if applicable. If your feature suggestion adds on to an existing feature, how would it work into it to extend its usefulness?

Rather than using its own FIDO2/Passkey prompt, Orion should hook into the native API and use that instead.

    sylvae Can you dig up more information about the native APIs?

      Merged 4 posts from Integrate with native macOS FIDO2 (if possible).

        Vlad

        I have the 1Password Chrome extension installed in the latest Orion RC as of this writing (Version 0.99.125.6-rc (WebKit 618.1.1)).

        I have an existing passkey for my GitHub account saved in 1Password. If I pick the "authenticate with passkey" option, I expect the 1Password extension to present its associated "authenticate with known passkey" UI and proceed with passkey login, but this dialog appears instead:

        10 days later
        a month later

        Nezteb

        Just tested with Orion 0.99.126.4-rc/macOS Sonoma 14.2 (23C64) and it gets farther than before, but still isn't working for me.

        A Passkey-enabled site is now correctly triggering 1Password's "Sign In With Passkey" prompt, but attempting to proceed through it results in this error instead of successfully authenticating:

          I have set up passkeys in Bitwarden so I can compare Safari and Orion's behaviour with that.

          With Safari, it prompts you to sign in with the passkey:

          With Orion, it does not:

            This thread is for native support for passkeys with Orion's keychain. The last few posts are about extension support and should belong in separate threads.

              21 days later

              For anyone that's been waiting on this: it looks like Orion properly supports passkeys, at least with 1Password.

                2 months later

                sjerred which version? 0.99.126.4.1-beta does appear to support only hardware-backed passkeys such as YubiKeys etc. But there is still no way to use iCloud passkeys and/or some synced passkeys of Orion's own.

                I have just found that Firefox is now able to access iCloud passkeys on macOS (bz #1792433). As per that bug discussion, they are likely using this entitlement. This opens the standard macOS dialog (the same one as in Safari), which allows you to choose either an iCloud or a hardware-backed passkey.

                  15 days later

                  Orion currently supports passkeys, but it seems to be using its own implementation.
                  I hope this explanation will clear up some issues and allow a proper implementation of passkeys.

                  safari

                  safari saves the passkey to iCloud Keychain, which is synced on all devices, authenticated via touch id.

                  but, it also provides an option of using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey

                  or, using an external security key.

                  then, when authenticating, it defaults to touch id, but also provides other choices.

                  firefox

                  exact same UX and UI as Safari. this is what orion should have implemented.

                  chrome

                  chrome saves the passkey to exact same iCloud Keychain that Safari uses (you can see that fdsa1 which was created on Safari is suggested for autofill), which is synced on all devices, authenticated via touch id.

                  but, it also provides an option of using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey, or an external security key

                  the option "using your chrome profile" creates a local-only passkey. this is what orion is doing currently. the flow for this also looks like what orion currently offers, using the same touch-id popup that orion has

                  chrome likely has a slightly different flow than safari/firefox bc of its "using your chrome profile" option that safari and ff don't support (and isn't necessary)

                  orion


                  orion, on the other hand, only allows for touch id and security key, providing a very different popup.

                  it also uses a different touch id verification popup

                  also, when authenticating, it uses a different touch id popup, and doesn't offer other choices for authentication


                    23 days later

                    I'm pretty sure passkeys are different. Whenever I try to use passkeys, signing in to things like Amazon using passkeys doesn't work and errors out without giving more information.