Vlad added the Clarification tag .
57
Integrate with native password AutoFill
- Edited
Orion already integrates with Password solutions like BitWarden. Do you mean something different?
It is a little different I believe. Bitwarden integrates with Orion via an extension, with the password autofill framework Apple introduced, autofill would work without the need of an extension.
I assume this would also mean that (iCloud) keychain password generation and autofill would work? It’s the one issue preventing me from replacing Safari with Orion.
a month later
2 months later
- Edited
Vlad Just wanted to chime in my support for this feature request + anecdotes.
I use keepass for self-hosted password storage/syncing and on iOS I have Strongbox setup for autofilling natively instead of the iCloud keychain. Works wonderfully there.
On desktop however, I use a different keepass client app (KeeWeb) and its chrome extension for autofill since I use Brave and only Safari currently supports the native autofill on mac... After much effort though, i've not been able to get the extension to work with Orion.
This is really the last & biggest hurdle keeping me from moving over to Orion.
Put simply, in my case native autofill support would enable the benefits of:
- (obviously) integrating with the native & more secure password system
- being able to use Strongbox's native-first apps on both iOS and macOS
- not running an, admittedly small, electron app (KeeWeb) on desktop at all times
- not having to depend on a browser extension for autofill at all
- having autofill password access system-wide not just on the web
- making it instantly both practical and beneficial to switch to Orion full time
TL;DR
Adding native autofill support would, in web browsing contexts, be a silver bullet in my quest to optimize & streamline the overall desktop env + workflows following my recent upgrade to a new M1 macbook.
16 days later
I have been trying to get Orion to work with Strongbox and have had issues so far. I read a post here previously about Strongbox and it needing to be “aware” of Orion. I posted about this in the Strongbox subreddit and received a response from the developer that seems to indicate that Orion may need to do some work to integrate the macOS autofill API differently. This makes sense as it now uses the same one iOS does. Here is a link to the post.
There are similar issues here regarding integrating this API. I posted about this in Discord and am creating this issue to accompany the discussion.
2 months later
Merged 2 posts from Support native macOS & iOS Autofill API.
Minimalist, a password manager designed exclusively for Mac and iPhone/iPad, leverages Apple’s AutoFill system. While I don't yet have access to the iOS/iPadOS Orion app (awaiting an invite), Orion on the Mac seemingly doesn't currently leverage AutoFill. This post from Minimalist's help articles speaks towards the benefits regarding security, privacy, and convenience of AutoFill.
Do you have any idea how many other password managers leverage autofill on the desktop platform? I guess if there is a range of popular ones which do, this would make more sense. I must admit I wasn't aware of it on the desktop platform, as I have only ever seen it on i(Pad)OS since I don't use Safari on desktop.
gp I'm not aware of the implementations utilized for other Mac password manager apps. I presume most are exclusively utilizing their own extensions, from which there's privacy and convenience arguments to be had.
Additionally, with adoption of AutoFill, I don't believe its use would be limited to password manager apps.
5 days later
Autofill API exists only on iOS/iPadOS. AFAIK, the only way to use it on Mac is through SwiftUI which ports the same iOS API over, but very few apps use SwiftUI on Mac because of extreme limitations (Orion and Safari do not use it).
I am not sure what does work in Safari and how, would appreciate more information on this.
2 months later
I would love to see this feature, I use credit card, address, name/phone, autofill quite often in Safari on MacOS and miss it dearly in Orion. I'm not sure what is available API wise, but it looks like Safari AutoFill pulls from the Wallet and Contacts apps.
3 months later
Merged 7 posts from Add support for Apple's AutoFill system.
- Edited
Vlad no I don’t believe it is…
From what I gather however—as someone with little to no swift development experience—it seems like the way Apple has it setup is that as long as you code input fields to surface the 1st party keychain autofill UI, then any 3rd party autofill providers will also come up if enabled by the user…?
Purely speculative on my part though based on my personal observations and interpretation of Apple’s docs. Since installing Strongbox I don’t think I’ve ever seen an autofill field that didn’t also provide Strongbox as an option.
Steps to reproduce:
Use a password manager with a macOS Password Autofill API (introduced in Big Sur) compliant extension (In this case, Strongbox Pro). Open a page in Orion for which the password is saved and linked to the URL. Click on the relevant field and no passwords are suggested. Clicking on "Passwords..." presents no options either. Safari does present these passwords to the user on clicking the relevant fields.
Expected behavior:
Orion to present passwords sourced from any app that has an Autofill extension enabled. (System Preferences > Extensions > Autofill)
Orion, OS version; hardware type:
Orion Version 0.99.113.2-beta, macOS 12.2.1 (21D62), M1 MacBook Air 2020 (MacBookAir10,1)
Image/Video:
Orion does not yet support the Autofill API. It will soon support it in a following release.
Merged 2 posts from Password Autofill not Functioning with 3rd Party Apps.
8 months later
Is it now supported? Because I still see the same behavior as mentioned by ttrv65ebyng above. Except that I can click on "Passwords...", and Orion will pop up the list of login/passwords saved in macOS. But Orion still does not suggest any saved login. I am on Version 0.99.122-beta (WebKit 615.1.11.7) running on Mac mini M1 (macOS Ventura 13.1 build 22C65). Maybe I am missing something?
Note that that I not using a third party password manager but the macOS builtin one.
- Edited
Yes, by "built-in", I meant the passwords saved in the iCloud Keychain. Previously, one could only access those through Keychain Access but now it is possible to get to them either through Safari or via System Settings / Passwords.
So what you are saying is that there isn't a way to directly use the iCloud Keychain... One would still need to import those passwords into Orion's keychain? I thought it could work seamlessly without having two separate keychains. I just want to have a single place for my passwords, irrespective of the browser I use.
And maybe what I said above is not clear. Attached are 3 screenshots for Linkedin.com to show the difference between the behaviors of Safari and Orion that might make it clearer.
- How Safari suggests an actual login name
- How Orion just shows an option to click Passwords...
- Orion does open a list of passwords saved in the iCloud Keychain or System Keychain, whatever is the correct name for it.
- My settings for Orion. BTW, this pane is a bit confusing like this --at least for me. When I have selected "3rd Party Provider", it still shows me the "Passwords" button below, which only opens the Orion's Keychain.
- Edited
vkt I think you may still be misunderstanding what 'iCloud Keychain' is.
Keychain is just a fancy name for special type of secure storage provided by OS, used most commonly for storing data like passwords and certificates. This storage can be used by apps, and each app gets its own bucket in storage, and apps can not directly access each other storage in Keychain , but can through special APIs provided by Apple like the auto-fiill API which is currently available and developed to a differnent standard on iOS and macOS.
iCloud Keychain is just Keychain synced over your iCloud account to other devices.
Saying passwords are saved in 'iCloud Keychain" is meaningles unless you specify in which app's bucket in keychain they are saved in. I think you equate Safari passwords with 'icloud keychain passwords', just because you may not have used any other app before that natively uses keychain, like Orion does (for example other browsers like chrome and firefox do not use keychain on macos, they use their own propriatery storage on their servers).
Your (iCloud) Keychain now contains two buckets - Safari passwords and Orion passwords. If you also use a native password manager like Strongbox, you would also have Strongbox passwords in Keychain. 3rd party provider option in Orion specifies you do not want to use Orion's keychain passwords, but passwords stored in some other app's keychain, that integrated the native auto-fill feature.
With this in mind, can you rephrase your question/ask?
Ok. Thanks for the clarification. It's clear now.
My question is if it would be possible for Orion to suggest actual logins just how Safari does, specific to a given website? Because from what I see (and as I try to show in the screenshots above), it seems that it is possible to open Safari's keychain bucket after clicking on the "Passwords..." prompt from Orion, but it does not suggest individual or website specific password.
I think ttrv65ebyng is also trying to say the same thing. In their example, they are using Strongbox. Safari seems to be able to get into Strongbox's keychain bucket, however, Orion only shows the "Passwords..." prompt.
Hope it is clearer.
- Edited
it seems that it is possible to open Safari's keychain bucket after clicking on the "Passwords..." prompt from Orion, but it does not suggest individual or website specific password.
This completely depends on what the autofill API on macOS allows. Currently it allows opening passwords but not automatically selecting the proper one. On iOS for example, full functionality is already avaialble and Orion iOS takes advantage of it. Since Orion can not directly access Safari passwords, we have to rely to what is provided by the public APIs in macOS.
Orion has native implementation of the auto-fill API so when this is enabled on macOS it will start working.
Safari seems to be able to get into Strongbox's keychain bucket, however, Orion only shows the "Passwords..." prompt.
What this implies is that Safari has access to private macOS Keychain APIs that are not enabled yet publicly. AFAIK no non-Apple app can do this yet. For example Strongbox can not autofill Safari passwords any better than we do (if this changed, let us know).
What I really suggest doing is using just Orion's keychain and if you need Safari passwords, import them to Orion. You can always export the passwords back. This way you take advantage of Orion built in features.
Got it. That is why I was confused about. I had assumed that if AutoFill was implemented, everything should work the same. I was not aware that some of the APIs are not public.
Thank for taking time to discuss and clarify. I hope it will help others too.
BTW, DuckDuckGo browser for macOS has some deep integration with Bitwarden, not through AutoFill. It is able to fetch logins without the extension; it still requires the app. Maybe something worth checking as a potential future feature.
Thanks once again.
a year later
Sorry for reviving an old thread, but I would like to see this offered if possible. I am using Strongbox which leverages the built-in system autofill system. When I am using Orion, it doesn't detect what page I am on and simply gives me a list of all of my passwords that I then need to pick from.
Maybe in recent macOS updates there is a clean way for Orion to offer up the correct password as a suggestion?
No one is typing