Bitwarden Biometric Authentication doesn't work
sbeaz I'm on a 14" M1 Pro.
I have tried what Vlad suggested - I didn't have this option enabled in Bitwarden desktop's settings - but it still doesn't work for me.
After uninstalling and reinstalling the Bitwarden extension on Orion, and trying again to enable biometrics, I got the same error Chai got: "Unfortunately this window is not available in private..."
I restarted Orion and Bitwarden again, and now I do not get that error, but I still do not get the popup from Bitwarden desktop to enable biometrics.
Same here. It worked on my Intel MBP, but I received my 16” M1 Max MBP and now it doesn’t work, including some of the same results you are getting. I don’t know if the M1 chip is the issue, but I will keep digging.
Vlad yep, I just installed it again and managed to get it working quite easily. After I logged in to Bitwarden (on Orion) and enabled biometrics support the extension crashed, but then I repeated the process and got the prompt on the desktop app.
The first time I did it was a lot more finicky, not sure if support has been improved in the meantime.
Here's my current Bitwarden desktop settings:
And here's the Orion extension (Chrome version) settings:
And here's the prompt I get
Cannabat Please try this when you get a moment. It worked for me. Please check if your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder has a file in it named com.8bit.bitwarden.json. If it doesn't, you need to go to the ~/Library/Application\ Support/Mozilla/NativeMessagingHosts/ or ~/Library/Application\ Support/Vivaldi/NativeMessagingHosts/ folder (or Chrome-based browser folder) and copy the file to your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder depending on which extension you're using - Firefox or Chrome. You can then set up the extension as you like. You may need to close and restart Orion. I've found the Chrome extension works just a bit better as you don't need to click the Unlock With Touch ID button if Bitwarden is open.
Yes. Bitwarden - Chrome extension. Close both Bitwarden and Orion. Please check if your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder has a file in it named com.8bit.bitwarden.json. If it doesn't, go to ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/ and copy com.8bit.bitwarden.json to your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder. You can hold down the option key and drag to make a copy, or duplicate and move. If you duplicate and move, the file may look like com.8bit.bitwarden copy.json. Rename and delete "copy" so the file is com.8bit.bitwarden.json. Restart Bitwarden and make sure Unlock with Touch ID is checked. Make sure Enable browser integration is checked. You can then restart Orion and set up the extension as you like. Make sure Do not prompt for biometrics on launch is unchecked if you want to be prompted to use Touch ID on the launch of the extension.
Vlad I believe so. When the extension is installed in the respective browser, it creates the file in its NativeMessagingHosts folder. I tried to isolate every part of the functionality of the FF Bitwarden extension. The missing file explained why the Bitwarden extension would not quite work. What I can’t figure out is how some Orion users have the file installed by the extension.
Vlad sbeaz I believe this needs to be resolved by Bitwarden.
Two main things need to change on Bitwarden's side:
- Bitwarden is given an additional entitlement to write to ~/Library/Application Support/Orion/NativeMessagingHosts
- A key-value pair for Orion is added to this object
See this commit which adds support for Chromium in the same way.
There is one complication. Orion supports both Chrome and Firefox extensions. The JSON file that is missing is different depending on browser. Bitwarden defaults to the Chrome version and makes an exception for FF.
I can imagine two options:
- Orion decides to only support the Chrome or FF version of the Bitwarden extension. Bitwarden would then need to make either no logic changes (if Orion exclusively supports the Chrome version) or a very minor logic change (if Orion exclusively supports the FF version, just adding || 'Orion' in a single conditional).
- Orion continues to support either version. In this case, Bitwarden would need to be able to determine which version of the extension was installed in Orion. Does Orion expose this information? I kinda hope it doesn't as it sounds like a potential security issue. Perhaps Orion maintains a very simple JSON file in NativeMessagingHosts called orionExtensions.json which looks something like this:

{
  "bitwarden": {
    "version": "Firefox"
  }
}

This way, Bitwarden needs no additional entitlements to determine which version of the extension is installed - it will already have read access to this file. Reading a JSON file is pretty straightforward; hopefully Bitwarden wouldn't mind some minor special handling like this.
If any other extensions in the future need to use the NativeMessagingHosts stuff, it would hopefully be trivial to add relevant information to this file from Orion's side.
Edit: I don't understand how biometrics could possibly have ever worked in Orion because only the Bitwarden desktop app makes the JSON files, and it doesn't have permission to access the directory where they need to go to work...
For now we added some default paths to check when the native host config file is missing (Chrome, Edge, Opera, Brave and Firefox), so Orion will search those paths and copy the file to our native host directory.
But the file will be unavailable if no other browser is installed. And Bitwarden support will be needed: the desktop app copies the native host file to all supported browsers itself, so they should add Orion as a supported browser to be able to copy the native host file automatically.
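
The manual copy described in this thread can be scripted. The following is an added example, not part of any post and not Orion's or Bitwarden's code. It assumes the usual native messaging convention that a Chrome-style manifest lists its callers under "allowed_origins" and a Firefox-style one under "allowed_extensions"; the function names are hypothetical, and only the source folders named in the thread are searched.

```shell
#!/bin/sh
# Added example: place com.8bit.bitwarden.json in Orion's NativeMessagingHosts
# folder, picking the manifest that matches the installed extension type.
MANIFEST=com.8bit.bitwarden.json

# manifest_flavor FILE -> prints "chrome", "firefox" or "unknown".
# Assumption: flavor is inferred from the allow-list key in the manifest.
manifest_flavor() {
  if grep -q '"allowed_origins"' "$1" 2>/dev/null; then echo chrome
  elif grep -q '"allowed_extensions"' "$1" 2>/dev/null; then echo firefox
  else echo unknown
  fi
}

# sync_manifest APP_SUPPORT_DIR FLAVOR
# Never overwrites a manifest that is already in Orion's folder; reports its
# flavor instead so a Chrome/Firefox mismatch is visible.
# Returns 0 if a manifest is present or was copied, 1 if no source was found.
sync_manifest() {
  base=$1
  want=$2
  dest="$base/Orion/NativeMessagingHosts"
  if [ -f "$dest/$MANIFEST" ]; then
    echo "present: $(manifest_flavor "$dest/$MANIFEST")"
    return 0
  fi
  # Source folders mentioned in the thread, relative to Application Support.
  for dir in "Google/Chrome" "Mozilla" "Vivaldi"; do
    src="$base/$dir/NativeMessagingHosts/$MANIFEST"
    [ -f "$src" ] || continue
    # Skip manifests written for the other extension type.
    [ "$(manifest_flavor "$src")" = "$want" ] || continue
    mkdir -p "$dest" && cp -p "$src" "$dest/$MANIFEST" || return 1
    chmod 644 "$dest/$MANIFEST"   # readable, writable only by the owner
    echo "copied: $dir"
    return 0
  done
  echo "missing: no $want manifest found"
  return 1
}

# On macOS: sync_manifest "$HOME/Library/Application Support" chrome
```

A "present:" result whose flavor differs from the installed extension type is the mismatch the thread describes between the Chrome and Firefox versions of the file.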