Support passkeys

Im pretty sure passkeys are different. whenever i try and use passkeys signing into things like amazon using passkeys doesn't work and errors out without giving more information.

Steps to reproduce:

• Select 3rd Party Provider for Password in settings.
• Ensure you have the latest plugin supporting Passkeys
  ** 1Password 2.16.0 - https://chrome.google.com/webstore/detail/1password-beta-–-password/khgocmkkpikpnmmkgmdnfckapcdkgfaf
• Use https://passkeys.io to test.
• Create an account, fake e-mail is fine.
• Signup process will prompt to create a passkey.

Expected behavior:
The 3rd Party Provider handles request to create and save passkey. In my case, 1Password should pop up asking to create/update a login with passkey.

Orion, OS version; hardware type:
0.99.125 & 0.99.125.3-rc, macOS 13.6, M2

Note: this works on iOS 17 with 1Password 8.10.6 (app store release) and Orion 1.3.4 (1) which is what led me to test on macOS

Can this be implemented in a generic way, so it works with any 3rd-party password manager? I could use this for Strongbox (which works fine in Safari, see screenshot below).

.

Currerntly, extensions like bitwarden support storing passkeys. However, not in Orion.
While using Orion, I see in google account settings "A passkey can’t be created on this device", however this works in Chrome and when clicked "add a passkey" bitwarden popup opens.

I have a self-hosted instance of Bitwarden and happy to provide a test account for dev purposes if needed.

A note: this is no a duplicate of #3025, #3025 is more about storing the passkeys in ios keychain (and/or on TPM like Safari does), but my issue is about supporting API for extensions to do that.

expected the pop-up to appear

0.99.126

Monterey (12)

17

Haarolean Steps to reproduce would be great.

I have also tried that in Safari.
Visiting google passkeys page gave me a green (well, blue) shield like in Chrome telling me the device is supported. I didn't try further though.

Had another clue, I've changed the user agent to "Safari" in Orion, and, well, it didn't work. So I thought it's based on some other native APIs. However, changing the user-agent to Chrome in Safari made it work (!) with both bitwarden and later (when declined in bitwarden) it asked to interact with a TouchID.

So, here I come to a conclusion that the evil company is doing its evil things again.

However, I don't quite get it why it works in my Safari, but doesn't work with the same exact user-agent (I've checked) in Orion.

@Vlad I'm not quite sure what to name this issue now considering my new observations.
Perhaps, the problem is that having the same exact user-agent in Orion as in Safari doesn't work for google.

It may be a duplicate of #3025 after all and we just need to look more into it? For what is worth I was able to create a passkey for github with no problem in Orion with no changes made.

I use 1password and it seems to work though.

I can confirm google's passkey can't be made in Orion currently. Github passkey works fine.

tl;dr the current implementation of Orion's passkeys seems to be implemented in its own way, rather than using the apple-provided native APIs, resulting in it not working consistently, and not being compatible at times.

danrungg Great observation! Updating the 1Password extension fixed this issue for me and got passkey signin via 1Password working as expected in Orion!

Just chiming in here, that I would love to see Orion handle passkeys like Safari does. It currently works well with 1Password when the extension is installed, but for things like Strongbox it doesn't. Safari works consistently every time.

orionlover btw if you change the user agent to "Chrome", you will be able to add a passkey to your google account