Support passkeys
A user on Discord confirmed passkeys work in last RC.
https://discord.com/channels/802933355603034132/802933355603034135/1161769510458626098
We'd appreciate to understand what is missing.
I have the 1Password Chrome extension installed in the latest Orion RC as of this writing (Version 0.99.125.6-rc (WebKit 618.1.1)).
I have an existing passkey for my GitHub account saved in 1Password. If I pick the "authenticate with passkey" option, I expect the 1Password extension to present its associated "authenticate with known passkey" UI and proceed with passkey login, but this dialog appears instead:
If I attempt to use the passkey option I get an immediate failure.
Similarly, Google doesn't work either with passkeys. Fails immediately.
We will attempt to ship this with 127
According to a person at 1Password, the latest Orion update (Orion 0.99.126.4 - Dec 11, 2023) has fixed 1Password's ability to use passkeys.
Granted, I don't know if this counts as "Orion supports passkeys in general" or if it currently only supports using passkeys via 1Password.
Just tested with Orion 0.99.126.4-rc / macOS Sonoma 14.2 (23C64) and it gets farther than before, but still isn't working for me.
A Passkey-enabled site is now correctly triggering 1Password's "Sign In With Passkey" prompt, but attempting to proceed through it results in this error instead of successfully authenticating:
I have set up passkeys in Bitwarden so I can compare Safari and Orion's behaviour with that.
With Safari, it prompts you to sign in with the passkey:
With Orion, it does not:
This thread is for native support for passkeys with Orion's keychain. The last few posts are about extension support and should belong in separate threads.
For anyone that's been waiting on this: it looks like Orion properly supports passkeys, at least with 1Password.
sjerred which version? 0.99.126.4.1-beta does look to support only hardware-backed passkeys such as Yubikeys etc. But, there is still no way to either use iCloud passkeys and/or some Orion's own synced passkeys.
I have just found that Firefox now is able to access iCloud passkeys bz #1792433 on macOS. As per that bug discussion they are likely using this entitlement. This does open standard macOS dialog (the same one as in Safari) that allows to choose either iCloud or hardware-backed passkey.
Orion currently supports passkeys, but it seems to be using its own implementation.
I hope this explanation would clear up some issues and allow a proper implementation of passkeys
safari
safari saves the passkey to iCloud Keychain, which is synced on all devices, authenticated via touch id.
but, it also provides an option of using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey
or, using an external security key.
then, when authenticating, it defaults to touch id, but also provides other choices.
firefox
exact same UX and UI as Safari. this is what orion should have implemented.
chrome
chrome saves the passkey to exact same iCloud Keychain that Safari uses (you can see that fdsa1 which was created on Safari is suggested for autofill), which is synced on all devices, authenticated via touch id.
but, it also provides an option of using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey, or an external security key
the option "using your chrome profile" creates a local-only passkey. this is what orion is doing currently. the flow for this also looks like what orion currently offers, using the same touch-id popup that orion has
chrome likely has a slightly different flow than safari/firefox bc of its "using your chrome profile" option that safari and ff don't support (and isn't necessary)
orion
orion, on the other hand, only allows for touch id and security key, providing a very different popup.
it also uses a different touch id verification popup
also, when authenticating, it uses a different touch id popup, and doesn't offer other choices for authentication
I'm pretty sure passkeys are different. whenever i try and use passkeys signing into things like amazon using passkeys doesn't work and errors out without giving more information.
Steps to reproduce:
- Select 3rd Party Provider for Password in settings.
- Ensure you have the latest plugin supporting Passkeys
  - 1Password 2.16.0 - https://chrome.google.com/webstore/detail/1password-beta-β-password/khgocmkkpikpnmmkgmdnfckapcdkgfaf
- Use https://passkeys.io to test.
- Create an account, fake e-mail is fine.
- Signup process will prompt to create a passkey.
Expected behavior:
The 3rd Party Provider handles request to create and save passkey. In my case, 1Password should pop up asking to create/update a login with passkey.
Orion, OS version; hardware type:
0.99.125 & 0.99.125.3-rc, macOS 13.6, M2
Note: this works on iOS 17 with 1Password 8.10.6 (app store release) and Orion 1.3.4 (1) which is what led me to test on macOS
Currently, extensions like bitwarden support storing passkeys. However, not in Orion.
While using Orion, I see in google account settings "A passkey can't be created on this device", however this works in Chrome and when clicked "add a passkey" bitwarden popup opens.
I have a self-hosted instance of Bitwarden and happy to provide a test account for dev purposes if needed.
A note: this is not a duplicate of #3025, #3025 is more about storing the passkeys in ios keychain (and/or on TPM like Safari does), but my issue is about supporting API for extensions to do that.
expected the pop-up to appear
0.99.126
Monterey (12)
17