Support passkeys
For anyone that's been waiting on this: it looks like Orion properly supports passkeys, at least with 1Password.
- Edited
sjerred which version? 0.99.126.4.1-beta does look to support only hardware-backed passkeys such as Yubikeys etc. But, there is still no way to either use iCloud passkeys and/or some Orion's own synced passkeys.
I have just found that Firefox now is able to access iCloud passkeys bz #1792433 on macOS. As per that bug discussion they are likely using this entitlement. This does open standard macOS dialog (the same one as in Safari) that allows to choose either iCloud or hardware-backed passkey.
- Edited
Orion currently supports passkeys, but it seems to be using its own implementation.
I hope this explanation would clear up some issues and allow a proper implementation of passkeys
safari
safari saves the passkey to iCloud Keychain, which is synced on all devices, authenticated via touch id.
but, it also provides an option ot using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey
or, using an external security key.
then, when authenticating, it defaults to touch id, bu also provides other choices.
firefox
exact same UX and UI as Safari. this is what orion should have implemented.
chrome
chrome saves the passkey to exact same iCloud Keychain that Safari uses (you can see that fdsa1 which was created on Safari is suggested for autofill), which is synced on all devices, authenticated via touch id.
but, it also provides an option ot using a nearby device (iphone, ipad, or android device) to use a camera to create the passkey, or an external security key
the option "using your chrome profile" creates a local-only passkey. this is what orion is doing currently. the flow for this also looks like what orion currently offers, using the same touch-id popup that orion has
chrome likely has a slightly different flow than safari/firefox bc of its "using your chrome profile" option that safari and ff don't support (and isn't necessary)
orion
orion, on the other hand, only allows for touch id and security key, providing a very different popup.
it also uses a different touch id verification popup
also, when authenticating, it uses a different touch id popup, and doesnt offer other choices for authentication
Im pretty sure passkeys are different. whenever i try and use passkeys signing into things like amazon using passkeys doesn't work and errors out without giving more information.
Steps to reproduce:
- Select 3rd Party Provider for Password in settings.
- Ensure you have the latest plugin supporting Passkeys
** 1Password 2.16.0 - https://chrome.google.com/webstore/detail/1password-beta-–-password/khgocmkkpikpnmmkgmdnfckapcdkgfaf - Use https://passkeys.io to test.
- Create an account, fake e-mail is fine.
- Signup process will prompt to create a passkey.
Expected behavior:
The 3rd Party Provider handles request to create and save passkey. In my case, 1Password should pop up asking to create/update a login with passkey.
Orion, OS version; hardware type:
0.99.125 & 0.99.125.3-rc, macOS 13.6, M2
Note: this works on iOS 17 with 1Password 8.10.6 (app store release) and Orion 1.3.4 (1) which is what led me to test on macOS
Currerntly, extensions like bitwarden support storing passkeys. However, not in Orion.
While using Orion, I see in google account settings "A passkey can’t be created on this device", however this works in Chrome and when clicked "add a passkey" bitwarden popup opens.
I have a self-hosted instance of Bitwarden and happy to provide a test account for dev purposes if needed.
A note: this is no a duplicate of #3025, #3025 is more about storing the passkeys in ios keychain (and/or on TPM like Safari does), but my issue is about supporting API for extensions to do that.
expected the pop-up to appear 
0.99.126
Monterey (12)
17
- Edited
Got an interesting observation, while recording the demonstration, I've used a different website to register a passkey for (passkeys.io instead of google, as I tried initially). Surprisingly, it worked in both chrome and Orion. So the issue per se is not with the extensions API, but rather something different, which makes google website not recognize a compatible device.
And a video demonstrating the interaction with bitwarden:
I have also tried that in Safari.
Visiting google passkeys page gave me a green (well, blue) shield like in Chrome telling me the device is supported. I didn't try further though.
Had another clue, I've changed the user agent to "Safari" in Orion, and, well, it didn't work. So I thought it's based on some other native APIs. However, changing the user-agent to Chrome in Safari made it work (!) with both bitwarden and later (when declined in bitwarden) it asked to interact with a TouchID.
So, here I come to a conclusion that the evil company is doing its evil things again.
However, I don't quite get it why it works in my Safari, but doesn't work with the same exact user-agent (I've checked) in Orion.
Vlad I'm not quite sure how to qualify this as I don't graps what #3025 is about any longer, as it seems it works in Orion.
The part of the problem which stays (and is not a part of a bigger "passkeys" subject per se) is that google thinks passkeys are not supported in Orion, thought it works in Safari with the same user-agent.
I use 1password and it seems to work though.
I can confirm google's passkey can't be made in Orion currently. Github passkey works fine.
- Edited
Haarolean I found out that passkeys are working, but the Bitwarden installed under popular extensions is so old that it doesn’t support them. You have to install a newer version, like this one: https://addons.mozilla.org/en-US/firefox/addon/bitwarden-password-manager/
