
Vlad sbeaz I believe this needs to be resolved by Bitwarden.

Two main things need to change on Bitwarden's side:

See this commit which adds support for Chromium in the same way.

There is one complication. Orion supports both Chrome and Firefox extensions. The json file that is missing is different depending on browser. Bitwarden defaults to the Chrome version and makes an exception for FF.

I can imagine two options:

  • Orion decides to only support the Chrome or FF version of the Bitwarden extension. Bitwarden would then need to make either no logic changes (if Orion exclusively supports the Chrome version) or a very minor logic change (if Orion exclusively supports the FF version, just adding || 'Orion' in a single conditional)
  • Orion continues to support either version. In this case, Bitwarden would need to be able to determine which version of the extension was installed in Orion. Does Orion expose this information? I kinda hope it doesn't as it sounds like a potential security issue. Perhaps Orion maintains a very simple JSON file in NativeMessagingHosts called orionExtensions.json which looks something like this:
{
  "bitwarden": {
      "version": "Firefox"
  }
}

This way, Bitwarden needs no additional entitlements to determine which version of the extension is installed - it will already have read access to this file. Reading a JSON file is pretty straightforward; hopefully Bitwarden wouldn't mind some minor special handling like this.

If any other extensions in the future need to use the NativeMessagingHosts stuff, it would hopefully be trivial to add relevant information to this file from Orion's side.

Edit: I don't understand how biometrics could possibly have ever worked in Orion because only the Bitwarden desktop app makes the JSON files, and it doesn't have permission to access the directory where they need to go to work...

    For now we added some default paths to check when the native host config file is missing (Chrome, Edge, Opera, Brave and Firefox), so Orion will search those paths and copy the file to our native host directory.

    But the file will be unavailable in case there's no other browser installed. And Bitwarden support will be needed, like the desktop app copies the native host file to all supported browsers itself, so they should add Orion as their supported browser to be able to copy the native host file automatically.

      Vlad Sure, but Bitwarden needs a way to know if the FF or Chrome extension is installed on Orion, else this won't work. This is needed because the Native messaging stuff uses different keys for FF (allowed_extensions) vs Chrome (allowed_origins). I made some suggestions/ideas in my reply.

      Also at what point is Orion copying those paths - installation, launch...?
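Added example, not part of any post in this thread and not Bitwarden's or Orion's code: a sketch of the two native messaging host manifest shapes discussed above (allowed_origins for the Chrome extension, allowed_extensions for the Firefox one), with a check that a manifest on disk is exactly one flavor and contains no wildcard origin. The host name, binary path and extension IDs are constructed placeholders.

```python
import json
import re

# Chrome extension IDs are 32 characters from a-p; each origin ends with "/".
CHROME_ORIGIN = re.compile(r"^chrome-extension://[a-p]{32}/$")
REQUIRED = ("name", "description", "path", "type")

def build_manifest(flavor, host_name, binary_path, extension_id):
    """Return the host manifest for one extension flavor ("chrome" or "firefox")."""
    manifest = {"name": host_name, "description": "constructed example host",
                "path": binary_path, "type": "stdio"}
    if flavor == "chrome":
        manifest["allowed_origins"] = [f"chrome-extension://{extension_id}/"]
    elif flavor == "firefox":
        manifest["allowed_extensions"] = [extension_id]
    else:
        raise ValueError(f"unknown flavor: {flavor}")
    return manifest

def audit_manifest(manifest):
    """Return (flavor, findings) for a parsed manifest; flavor is None if unclear."""
    findings = [f"missing key: {k}" for k in REQUIRED if k not in manifest]
    if manifest.get("type") != "stdio":
        findings.append("type must be 'stdio'")
    if not str(manifest.get("path", "")).startswith("/"):
        findings.append("path should be absolute on macOS")
    has_origins = "allowed_origins" in manifest
    has_exts = "allowed_extensions" in manifest
    if has_origins == has_exts:
        findings.append("need exactly one of allowed_origins / allowed_extensions")
        return None, findings
    if has_origins:
        for origin in manifest["allowed_origins"]:
            if not CHROME_ORIGIN.match(origin):
                findings.append(f"bad origin (wildcards are not accepted): {origin}")
        return "chrome", findings
    if not manifest["allowed_extensions"]:
        findings.append("allowed_extensions is empty")
    return "firefox", findings

if __name__ == "__main__":
    # Constructed placeholder values, not a real host or extension.
    demo = build_manifest("firefox", "com.example.host",
                          "/Applications/Example.app/Contents/MacOS/host",
                          "example@example.invalid")
    print(json.dumps(demo, indent=2), audit_manifest(demo))
```
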

        It is not working for me; I have not yet done the file workaround. I will wait till the new available beta, theoretically tomorrow. Just to do it all at once and not to waste time.

          FYI,

          I updated Orion today and biometrics did not work as expected. I applied @sbeaz's workaround and the extension works with biometrics as expected. Thanks

          4 months later

          The issue I ran into is that I can't enable the biometric authentication because when the TouchID prompt pops up the extension popup closes and gets locked, since Orion closes extension popups when the browser window loses focus.

            sbeaz Yes, I use it with all other browsers I have just fine. I only have this issue with Orion. I click the "Open with biometrics" checkbox, the TouchID popup opens, the extension closes (so it gets locked) and the link with the app never gets made

              3 months later

              Are you using the Chrome or Firefox extension? Chrome works better.

                a month later

                Same here - using the Chrome extension but the behaviour is the same with Firefox as well. When attempting to enable biometrics, it starts the communication with the desktop app but then disappears just before the touch id popup appears. Clicking on the touch id popup, there is now no response from the extension as it has "closed" and I need to put my master password in again. I don't know if the extension is crashing/reloading or whatever. I tried putting vault timeout to never at both sides temporarily and whilst that takes away the re-entering of the master password it still never sets up touch id.

                  There’s a great post on this but I couldn’t find it. I started from scratch and had the same problem. In desktop Bitwarden preferences, I unchecked Allow browser integration and rechecked it and set up Touch ID again successfully. Another method that worked was setting up Unlock with PIN and then setting up Unlock with biometrics. I then disabled Unlock with PIN.

                    Thanks - by fiddling with that setting and a bit of back and forth I finally managed to get it to work. Wasn't straightforward though.

                      planetwilson Exactly. That’s why I posted 2 different ‘options’.

                        3 months later

                        It is working ✅
                        I just need to check the Allow browser integration option in the Bitwarden Mac app.