Yes. Bitwarden - Chrome extension. Close both Bitwarden and Orion. Please check if your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder has a file in it named com.8bit.bitwarden.json . If it doesn't, go to ~/Library/Application\ Support/Google/Chrome/NativeMessagingHosts/ and copy com.8bit.bitwarden.json to your ~/Library/Application\ Support/Orion/NativeMessagingHosts/ folder. You can hold down the option key and drag to make a copy or duplicate and move. If you duplicate and move, the file may look like com.8bit.bitwarden copy.json. Rename and delete copy so the file is com.8bit.bitwarden.json. Restart Bitwarden and make sure Unlock with Touch ID is checked. Make sure Enable browser integration is checked. You can then restart Orion and set up the extension as you like. Make sure Do not prompt for biometrics on launch is unchecked if you want to be prompted to use Touch ID on the launch of the extension.
Bitwarden Biometric Authentication doesn't work
Vlad I believe so. When the extension is installed in the respective browser, it creates the file in its NativeMessagingHosts folder. I tried to isolate every part of the functionality of the FF Bitwarden extension. The missing file explained why the Bitwarden extension would not quite work. What I canโt figure out is how some Orion users have the file installed by the extension.
- Edited
Vlad sbeaz I believe this needs to be resolved by Bitwarden.
Two main things need to change on Bitwarden's side:
- Bitwarden is given an additional entitlement to write to
~/Library/Application Support/Orion/NativeMessagingHosts
- A key-value pair for Orion is added to this object
See this commit which adds support for Chromium in the same way.
There is one complication. Orion supports both Chrome and Firefox extensions. The json
file that is missing is different depending on browser. Bitwarden defaults to the Chrome version and makes an exception for FF.
I can imagine two options:
- Orion decides to only support the Chrome or FF version of the Bitwarden extension. Bitwarden would then need to make either no logic changes (if Orion exclusively support Chrome version) or a very minor logic change (if Orion exclusively supports FF version, just adding
|| 'Orion'
in a single conditional) - Orion continues to support either version. In this case, Bitwarden would need to be able to determine which version of the extension was installed in Orion. Does Orion expose this information? I kinda hope it doesn't as it sounds like a potential security issue. Perhaps Orion maintains a very simple JSON file in
NativeMessagingHosts
calledorionExtensions.json
which looks something like this:
{
"bitwarden": {
"version": "Firefox"
}
}
This way, Bitwarden needs no additional entitlements to determine which version of the extension is installed - it will already have read access to this file. Reading a JSON file is pretty straightforward; hopefully Bitwarden wouldn't mind some minor special handling like this.
If any other extensions in the future need to use the NativeMessagingHosts stuff, it would hopefully be trivial to add relevant information to this file from Orion's side.
Edit: I don't understand how biometrics could possibly have ever worked in Orion because only the Bitwarden desktop app makes the JSON files, and it doesn't have permission to access the directory where they need to go to work...
For now we added some default paths for check when native host config file missing. (chrome, edge, opera, brave and firefox), so Orion will search on those paths and copy file to our native host directory.
But file will be unavailable in case there's no another browser installed. And Bitwarden support will be needed, like the desktop app copies native host file to all supported browsers itself, so they should add Orion as there supported browser to be able to copy native host file automatically.
- Edited
Vlad Sure but Bitwarden needs a way to know if the FF or Chrome extension is installed on Orion else this won't work. This is needed because the Native messaging stuff uses different keys for FF (allowed_extensions
) vs Chrome (allowed_origins
). I made some suggestions/ideas in my reply
Also at what point is Orion copying those paths - installation, launch...?
It is not working for me, I have not done yet the file workaround. I will wait til new available beta, theoretically tomorrow. Just to do if all at once and not to waste time.
Vlad I've raised this with the Bitwarden team: https://community.bitwarden.com/t/add-support-for-biometrics-for-orion-a-macos-browser/36764
I will keep this thread updated with any developments
The issue I ran into is that I can't enable the biometric authentication because when the TouchID prompt pops up the extension popup closes and gets locked, since Orion closes extension popups when the browser window loses focus.
getdustedyun And you have it enabled in the app?
- Edited
sbeaz Yes, I use it with all other browsers I have just fine. I only have this issue with Orion. I click the "Open with biometrics" checkbox, the TouchID popup opens, the extension closes (so it gets locked) and the link with the app never gets made
getdustedyun Are you using the Chrome or Firefox extension? Chrome works better.
it still doesn't working
Are you using the Chrome or Firefox extension? Chrome works better.
Same here - using the Chrome extension but the behaviour is the same with Firefox as well. When attempting to enable biometrics, it starts the communication with the desktop app but then disappears just before the touch id popup appears. Clicking on the touch id popup, there is now no response from the extension as it has "closed" and I need to put my master password in again. I don't know if the extension is crashing/reloading or whatever. I tried putting vault timeout to never at both sides temporarily and whilst that takes away the re-entering of the master password it still never sets up touch id.
Thereโs a great post on this but I couldnโt find it. I started from scratch had the same problem. In desktop Bitwarden preferences, I unchecked Allow browser integration and rechecked it and set up Touch ID again successfully. Another method that worked was setting up Unlock with PIN and then setting up Unlock with biometrics. I then disabled Unlock with PIN.