[PM-11304] Lint

(cherry picked from commit a0e3ae0cc2)
[PM-11304] lint
2026-05-11 22:31:17 -05:00 · 2024-11-13 11:28:25 +00:00 · 2024-11-13 11:27:45 +00:00 · 2024-11-13 11:24:41 +00:00 · 2024-11-13 11:24:31 +00:00 · 2024-11-13 11:24:21 +00:00
881 changed files with 34693 additions and 10149 deletions
--- a/.github/ISSUE_TEMPLATE/bug.yml
+++ b/.github/ISSUE_TEMPLATE/bug.yml
@@ -1,4 +1,4 @@
-name: Android Beta Bug Report
+name: Android Bug Report
 description: File a bug report
 labels: [ bug ]
 body:
@@ -7,19 +7,7 @@ body:
      value: |
        Thanks for taking the time to fill out this bug report!

-        > [!WARNING]
-        > This is the new native Bitwarden Beta app repository. For the publicly available apps in App Store / Play Store, submit your report in [bitwarden/mobile](https://github.com/bitwarden/mobile)
-
-
        Please do not submit feature requests. The [Community Forums](https://community.bitwarden.com) has a section for submitting, voting for, and discussing product feature requests.
-  - type: checkboxes
-    id: beta
-    attributes:
-      label: Bitwarden Beta
-      options:
-        - label: "I'm using the new native Bitwarden Beta app and I'm aware that legacy .NET app bugs should be reported in [bitwarden/mobile](https://github.com/bitwarden/mobile)"
-    validations:
-      required: true
  - type: textarea
    id: reproduce
    attributes:
@@ -63,6 +51,22 @@ body:
      description: What version of our software are you running?
    validations:
      required: true
+  - type: dropdown
+    id: server-region
+    attributes:
+      label: What server are you connecting to?
+      options:
+        - US
+        - EU
+        - Self-host
+        - N/A
+    validations:
+      required: true
+  - type: input
+    id: server-version
+    attributes:
+      label: Self-host Server Version
+      description: If self-hosting, what version of Bitwarden Server are you running?
  - type: textarea
    id: environment-details
    attributes:
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -33,17 +33,17 @@ env:
 jobs:
  build:
    name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04

    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Validate Gradle wrapper
        uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ~/.gradle/caches
@@ -53,7 +53,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -62,13 +62,13 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}

      - name: Configure Ruby
-        uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
        with:
          bundler-cache: true

@@ -84,11 +84,18 @@ jobs:
      - name: Build
        run: bundle exec fastlane assembleDebugApks

+      - name: Upload test reports on failure
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: failure()
+        with:
+          name: test-reports
+          path: app/build/reports/tests/
+
  publish_playstore:
    name: Publish Play Store artifacts
    needs:
      - build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
@@ -96,10 +103,10 @@ jobs:
        artifact: ["apk", "aab"]
    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Configure Ruby
-        uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
        with:
          bundler-cache: true

@@ -153,7 +160,7 @@ jobs:
        uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ~/.gradle/caches
@@ -163,7 +170,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -172,7 +179,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -237,7 +244,7 @@ jobs:

      - name: Upload release Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.aab
          path: app/build/outputs/bundle/standardRelease/com.x8bit.bitwarden-standard-release.aab
@@ -245,7 +252,7 @@ jobs:

      - name: Upload beta Play Store .aab artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta.aab
          path: app/build/outputs/bundle/standardBeta/com.x8bit.bitwarden-standard-beta.aab
@@ -253,7 +260,7 @@ jobs:

      - name: Upload release .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.apk
          path: app/build/outputs/apk/standard/release/com.x8bit.bitwarden-standard-release.apk
@@ -261,7 +268,7 @@ jobs:

      - name: Upload beta .apk artifact
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta.apk
          path: app/build/outputs/apk/standard/beta/com.x8bit.bitwarden-standard-beta.apk
@@ -270,7 +277,7 @@ jobs:
      # When building variants other than 'prod'
      - name: Upload debug .apk artifact
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk
          path: app/build/outputs/apk/standard/debug/com.x8bit.bitwarden-standard-debug.apk
@@ -308,7 +315,7 @@ jobs:

      - name: Upload .apk SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.apk-sha256.txt
          path: ./com.x8bit.bitwarden.apk-sha256.txt
@@ -316,7 +323,7 @@ jobs:

      - name: Upload .apk SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta.apk-sha256.txt
@@ -324,7 +331,7 @@ jobs:

      - name: Upload .aab SHA file for release
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.aab-sha256.txt
          path: ./com.x8bit.bitwarden.aab-sha256.txt
@@ -332,7 +339,7 @@ jobs:

      - name: Upload .aab SHA file for beta
        if: ${{ (matrix.variant == 'prod') && (matrix.artifact == 'aab') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta.aab-sha256.txt
          path: ./com.x8bit.bitwarden.beta.aab-sha256.txt
@@ -340,18 +347,18 @@ jobs:

      - name: Upload .apk SHA file for debug
        if: ${{ (matrix.variant != 'prod') && (matrix.artifact == 'apk') }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
          path: ./com.x8bit.bitwarden.${{ matrix.variant }}.apk-sha256.txt
          if-no-files-found: error

      - name: Install Firebase app distribution plugin
-        if: ${{ matrix.variant == 'prod' && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        if: ${{ matrix.variant == 'prod' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
        run: bundle exec fastlane add_plugin firebase_app_distribution

      - name: Publish release artifacts to Firebase
-        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'apk' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
        env:
          APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
        run: |
@@ -360,7 +367,7 @@ jobs:
          service_credentials_file:${{ env.APP_PLAY_FIREBASE_CREDS_PATH }}

      - name: Publish beta artifacts to Firebase
-        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && github.ref_name == 'main' && (inputs.distribute-to-firebase || github.event_name == 'push') }}
+        if: ${{ (matrix.variant == 'prod' && matrix.artifact == 'apk') && (inputs.distribute-to-firebase || github.event_name == 'push') }}
        env:
          APP_PLAY_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_play_prod_firebase-creds.json
        run: |
@@ -375,19 +382,21 @@ jobs:

      - name: Publish Play Store bundle
        if: ${{ matrix.variant == 'prod' && matrix.artifact == 'aab' && (inputs.publish-to-play-store || github.ref_name == 'main') }}
-        run: bundle exec fastlane publishBetaToPlayStore
+        run: |
+          bundle exec fastlane publishProdToPlayStore
+          bundle exec fastlane publishBetaToPlayStore

  publish_fdroid:
    name: Publish F-Droid artifacts
    needs:
      - build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Configure Ruby
-        uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
        with:
          bundler-cache: true

@@ -427,7 +436,7 @@ jobs:
        uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ~/.gradle/caches
@@ -437,7 +446,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -446,7 +455,7 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -481,7 +490,7 @@ jobs:
          keyPassword:"${{ env.FDROID_BETA_KEY_PASSWORD }}"

      - name: Upload F-Droid .apk artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden-fdroid.apk
          path: app/build/outputs/apk/fdroid/release/com.x8bit.bitwarden-fdroid-release.apk
@@ -493,14 +502,14 @@ jobs:
          > ./com.x8bit.bitwarden-fdroid.apk-sha256.txt

      - name: Upload F-Droid SHA file
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden-fdroid.apk-sha256.txt
          if-no-files-found: error

      - name: Upload F-Droid Beta .apk artifact
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk
          path: app/build/outputs/apk/fdroid/beta/com.x8bit.bitwarden-fdroid-beta.apk
@@ -512,18 +521,18 @@ jobs:
          > ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt

      - name: Upload F-Droid Beta SHA file
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
          path: ./com.x8bit.bitwarden.beta-fdroid.apk-sha256.txt
          if-no-files-found: error

      - name: Install Firebase app distribution plugin
-        if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }}
+        if: ${{ inputs.distribute_to_firebase || github.event_name == 'push' }}
        run: bundle exec fastlane add_plugin firebase_app_distribution

      - name: Publish release F-Droid artifacts to Firebase
-        if: ${{ github.ref_name == 'main' && inputs.distribute_to_firebase }}
+        if: ${{ inputs.distribute_to_firebase || github.event_name == 'push' }}
        env:
          APP_FDROID_FIREBASE_CREDS_PATH: ${{ github.workspace }}/secrets/app_fdroid_firebase-creds.json
        run: |
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -1,4 +1,3 @@
---
 name: Crowdin Sync

 on:
@@ -10,12 +9,12 @@ on:
 jobs:
  crowdin-sync:
    name: Autosync
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    env:
      _CROWDIN_PROJECT_ID: "269690"
    steps:
      - name: Checkout repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Login to Azure - CI Subscription
        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
@@ -30,7 +29,7 @@ jobs:
          secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"

      - name: Download translations
-        uses: crowdin/github-action@91d52b545f82cb88e86c3002a443de22df77fa16 # v2.1.3
+        uses: crowdin/github-action@2d540f18b0a416b1fbf2ee5be35841bd380fc1da # v2.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
--- a/.github/workflows/crowdin-push.yml
+++ b/.github/workflows/crowdin-push.yml
@@ -9,12 +9,12 @@ on:
 jobs:
  crowdin-push:
    name: Crowdin Push
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    env:
      _CROWDIN_PROJECT_ID: "269690"
    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Log in to Azure
        uses: Azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # v1.6.1
@@ -29,7 +29,7 @@ jobs:
          secrets: "crowdin-api-token"

      - name: Upload sources
-        uses: crowdin/github-action@91d52b545f82cb88e86c3002a443de22df77fa16 # v2.1.3
+        uses: crowdin/github-action@2d540f18b0a416b1fbf2ee5be35841bd380fc1da # v2.3.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -9,6 +9,8 @@ on:
      - "hotfix-rc"
  pull_request_target:
    types: [opened, synchronize]
+  merge_group:
+    types: [checks_requested]

 jobs:
  check-run:
@@ -17,7 +19,7 @@ jobs:

  sast:
    name: SAST scan
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    needs: check-run
    permissions:
      contents: read
@@ -26,12 +28,12 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{  github.event.pull_request.head.sha }}

      - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@9fda5a4a2c297608117a5a56af424502a9192e57 # 2.0.34
+        uses: checkmarx/ast-github-action@03a90e7253dadd7e2fff55f5dfbce647b39040a1 # 2.0.37
        env:
          INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
        with:
@@ -46,13 +48,13 @@ jobs:
            --output-path . ${{ env.INCREMENTAL }}

      - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
+        uses: github/codeql-action/upload-sarif@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
        with:
          sarif_file: cx_result.sarif

  quality:
    name: Quality scan
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    needs: check-run
    permissions:
      contents: read
@@ -60,13 +62,13 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0
          ref: ${{  github.event.pull_request.head.sha }}

      - name: Scan with SonarCloud
-        uses: sonarsource/sonarcloud-github-action@eb211723266fe8e83102bac7361f0a05c3ac1d1b # v3.0.0
+        uses: sonarsource/sonarcloud-github-action@383f7e52eae3ab0510c3cb0e7d9d150bbaeab838 # v3.1.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -8,6 +8,8 @@ on:
      - "hotfix-rc"
  pull_request_target:
    types: [opened, synchronize]
+  merge_group:
+    type: [checks_requested]
  workflow_dispatch:

 env:
@@ -21,7 +23,7 @@ jobs:

  test:
    name: Test
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
    needs: check-run
    permissions:
      contents: read
@@ -31,7 +33,7 @@ jobs:

    steps:
      - name: Check out repo
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          ref: ${{  github.event.pull_request.head.sha }}

@@ -39,7 +41,7 @@ jobs:
        uses: gradle/actions/wrapper-validation@d156388eb19639ec20ade50009f3d199ce1e2808 # v4.1.0

      - name: Cache Gradle files
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ~/.gradle/caches
@@ -49,7 +51,7 @@ jobs:
            ${{ runner.os }}-gradle-v2-

      - name: Cache build output
-        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2
        with:
          path: |
            ${{ github.workspace }}/build-cache
@@ -58,12 +60,12 @@ jobs:
            ${{ runner.os }}-build-

      - name: Configure Ruby
-        uses: ruby/setup-ruby@f321cf5a4d1533575411f8752cf25b86478b0442 # v1.193.0
+        uses: ruby/setup-ruby@a2bbe5b1b236842c1cb7dd11e8e3b51e0a616acc # v1.202.0
        with:
          bundler-cache: true

      - name: Configure JDK
-        uses: actions/setup-java@2dfa2011c5b2a0f1489bf9e433881c92c1631f88 # v4.3.0
+        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.5.0
        with:
          distribution: "temurin"
          java-version: ${{ env.JAVA_VERSION }}
@@ -78,8 +80,15 @@ jobs:
        run: |
          bundle exec fastlane check

+      - name: Upload test reports on failure
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        if: failure()
+        with:
+          name: test-reports
+          path: app/build/reports/tests/
+
      - name: Upload to codecov.io
-        uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0
+        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
        with:
          file: app/build/reports/kover/reportStandardDebug.xml
        env:
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -10,20 +10,20 @@ GEM
    artifactory (3.0.17)
    atomos (0.1.3)
    aws-eventstream (1.3.0)
-    aws-partitions (1.975.0)
-    aws-sdk-core (3.205.0)
+    aws-partitions (1.1003.0)
+    aws-sdk-core (3.212.0)
      aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
+      aws-partitions (~> 1, >= 1.992.0)
      aws-sigv4 (~> 1.9)
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.91.0)
-      aws-sdk-core (~> 3, >= 3.205.0)
+    aws-sdk-kms (1.95.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
      aws-sigv4 (~> 1.5)
-    aws-sdk-s3 (1.162.0)
-      aws-sdk-core (~> 3, >= 3.205.0)
+    aws-sdk-s3 (1.170.0)
+      aws-sdk-core (~> 3, >= 3.210.0)
      aws-sdk-kms (~> 1)
      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.9.1)
+    aws-sigv4 (1.10.1)
      aws-eventstream (~> 1, >= 1.0.2)
    babosa (1.0.4)
    base64 (0.2.0)
@@ -32,15 +32,15 @@ GEM
    colored2 (3.1.2)
    commander (4.6.0)
      highline (~> 2.0.0)
-    date (3.3.4)
+    date (3.4.0)
    declarative (0.0.20)
    digest-crc (0.6.5)
      rake (>= 12.0.0, < 14.0.0)
    domain_name (0.6.20240107)
    dotenv (2.8.1)
    emoji_regex (3.2.3)
-    excon (0.111.0)
-    faraday (1.10.3)
+    excon (0.112.0)
+    faraday (1.10.4)
      faraday-em_http (~> 1.0)
      faraday-em_synchrony (~> 1.0)
      faraday-excon (~> 1.1)
@@ -66,10 +66,10 @@ GEM
    faraday-patron (1.0.0)
    faraday-rack (1.0.0)
    faraday-retry (1.0.3)
-    faraday_middleware (1.2.0)
+    faraday_middleware (1.2.1)
      faraday (~> 1.0)
    fastimage (2.3.1)
-    fastlane (2.222.0)
+    fastlane (2.225.0)
      CFPropertyList (>= 2.3, < 4.0.0)
      addressable (>= 2.8, < 3.0.0)
      artifactory (~> 3.0)
@@ -85,6 +85,7 @@ GEM
      faraday-cookie_jar (~> 0.0.6)
      faraday_middleware (~> 1.0)
      fastimage (>= 2.1.0, < 3.0.0)
+      fastlane-sirp (>= 1.0.0)
      gh_inspector (>= 1.1.2, < 2.0.0)
      google-apis-androidpublisher_v3 (~> 0.3)
      google-apis-playcustomapp_v1 (~> 0.1)
@@ -113,6 +114,8 @@ GEM
    fastlane-plugin-firebase_app_distribution (0.9.1)
      google-apis-firebaseappdistribution_v1 (~> 0.3.0)
      google-apis-firebaseappdistribution_v1alpha (~> 0.2.0)
+    fastlane-sirp (1.0.0)
+      sysrandom (~> 1.0)
    gh_inspector (1.1.3)
    google-apis-androidpublisher_v3 (0.54.0)
      google-apis-core (>= 0.11.0, < 2.a)
@@ -159,17 +162,17 @@ GEM
      domain_name (~> 0.5)
    httpclient (2.8.3)
    jmespath (1.6.2)
-    json (2.7.2)
-    jwt (2.9.0)
+    json (2.8.1)
+    jwt (2.9.3)
      base64
    mini_magick (4.13.2)
    mini_mime (1.1.5)
    multi_json (1.15.0)
    multipart-post (2.4.1)
-    nanaimo (0.3.0)
+    nanaimo (0.4.0)
    naturally (2.2.1)
    nkf (0.2.0)
-    optparse (0.5.0)
+    optparse (0.6.0)
    os (1.1.4)
    plist (3.7.1)
    public_suffix (6.0.1)
@@ -179,7 +182,7 @@ GEM
      trailblazer-option (>= 0.1.1, < 0.2.0)
      uber (< 0.2.0)
    retriable (3.1.2)
-    rexml (3.3.7)
+    rexml (3.3.9)
    rouge (2.0.7)
    ruby2_keywords (0.0.5)
    rubyzip (2.3.2)
@@ -192,10 +195,11 @@ GEM
    simctl (1.6.10)
      CFPropertyList
      naturally
+    sysrandom (1.0.5)
    terminal-notifier (2.0.0)
    terminal-table (3.0.2)
      unicode-display_width (>= 1.1.1, < 3)
-    time (0.4.0)
+    time (0.4.1)
      date
    trailblazer-option (0.1.2)
    tty-cursor (0.7.1)
@@ -205,13 +209,13 @@ GEM
    uber (0.1.0)
    unicode-display_width (2.6.0)
    word_wrap (1.0.0)
-    xcodeproj (1.25.0)
+    xcodeproj (1.27.0)
      CFPropertyList (>= 2.3.3, < 4.0)
      atomos (~> 0.1.3)
      claide (>= 1.0.2, < 2.0)
      colored2 (~> 3.1)
-      nanaimo (~> 0.3.0)
-      rexml (>= 3.3.2, < 4.0)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
    xcpretty (0.3.0)
      rouge (~> 2.0.7)
    xcpretty-travis-formatter (1.0.1)
--- a/README.md
+++ b/README.md
@@ -1,7 +1,4 @@
-# Bitwarden Android (BETA)
-
-> [!TIP]
-> This repo has the new native Android app, currently in [Beta](https://community.bitwarden.com/t/about-the-beta-program/39185). Looking for the legacy .NET MAUI apps? Head on over to [bitwarden/mobile](https://github.com/bitwarden/mobile)
+# Bitwarden Android

 ## Contents

@@ -28,7 +25,7 @@
 2. Create a `user.properties` file in the root directory of the project and add the following properties:

    - `gitHubToken`: A "classic" Github Personal Access Token (PAT) with the `read:packages` scope (ex: `gitHubToken=gph_xx...xx`). These can be generated by going to the [Github tokens page](https://github.com/settings/tokens). See [the Github Packages user documentation concerning authentication](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-gradle-registry#authenticating-to-github-packages) for more details.
-    - `localSdk`: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex: `localSdk=true`). This is particularly useful when developing new SDK capabilities. Review [Linking SDK to clients](https://contributing-docs.pages.dev/getting-started/sdk/#linking-sdk-to-clients) for more details.
+    - `localSdk`: A boolean value to determine if the SDK should be loaded from the local maven artifactory (ex: `localSdk=true`). This is particularly useful when developing new SDK capabilities. Review [Linking SDK to clients](https://contributing.bitwarden.com/getting-started/sdk/#linking-the-sdk-to-clients) for more details.

 3. Setup the code style formatter:

@@ -171,6 +168,11 @@ The following is a list of all third-party dependencies included as part of the
    - Purpose: A networking layer interface.
    - License: Apache 2.0

+- **Timber**
+    - https://github.com/JakeWharton/timber
+    - Purpose: Extensible logging library for Android.
+    - License: Apache 2.0
+
 - **zxcvbn4j**
    - https://github.com/nulab/zxcvbn4j
    - Purpose: Password strength estimation.
--- a/app/build.gradle.kts
+++ b/app/build.gradle.kts
@@ -75,6 +75,7 @@ android {
            isMinifyEnabled = false

            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "true")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "true")
        }

        // Beta and Release variants are identical except beta has a different package name
@@ -88,6 +89,7 @@ android {
            )

            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "false")
        }
        release {
            isDebuggable = false
@@ -98,6 +100,7 @@ android {
            )

            buildConfigField(type = "boolean", name = "HAS_DEBUG_MENU", value = "false")
+            buildConfigField(type = "boolean", name = "HAS_LOGS_ENABLED", value = "false")
        }
    }

@@ -132,7 +135,10 @@ android {
        unitTests.isReturnDefaultValues = true
    }
    lint {
-        disable.add("MissingTranslation")
+        disable += listOf(
+            "MissingTranslation",
+            "ExtraTranslation",
+        )
    }
 }

@@ -156,8 +162,7 @@ dependencies {
        add("standardImplementation", dependencyNotation)
    }

-    // TODO: this should use a versioned AAR instead of referencing a local AAR BITAU-94
-    implementation(files("libs/authenticatorbridge-0.1.0-SNAPSHOT-release.aar"))
+    implementation(files("libs/authenticatorbridge-1.0.0-release.aar"))

    implementation(libs.androidx.activity.compose)
    implementation(libs.androidx.appcompat)
@@ -200,6 +205,7 @@ dependencies {
    implementation(platform(libs.square.retrofit.bom))
    implementation(libs.square.retrofit)
    implementation(libs.square.retrofit.kotlinx.serialization)
+    implementation(libs.timber)
    implementation(libs.zxing.zxing.core)

    // For now we are restricted to running Compose tests for debug builds only
--- a/app/libs/authenticatorbridge-0.1.0-SNAPSHOT-release.aar
+++ b/app/libs/authenticatorbridge-0.1.0-SNAPSHOT-release.aar
--- a/app/libs/authenticatorbridge-1.0.0-release.aar
+++ b/app/libs/authenticatorbridge-1.0.0-release.aar
--- a/app/proguard-rules.pro
+++ b/app/proguard-rules.pro
@@ -6,6 +6,10 @@
 # we keep it here.
 -keep class com.bitwarden.** { *; }

+# The Android Verifier component must be kept because it looks like dead code. Proguard is unable to
+# see any JNI usage, so our rules must manually opt into keeping it.
+-keep, includedescriptorclasses class org.rustls.platformverifier.** { *; }
+
 ################################################################################
 # Bitwarden Models
 ################################################################################
--- a/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/4.json
+++ b/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/4.json
@@ -0,0 +1,256 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 4,
+    "identityHash": "f7906c69e0a2c065d4d3be140fc721b6",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT NOT NULL, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'f7906c69e0a2c065d4d3be140fc721b6')"
+    ]
+  }
+}
--- a/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/5.json
+++ b/app/schemas/com.x8bit.bitwarden.data.vault.datasource.disk.database.VaultDatabase/5.json
@@ -0,0 +1,256 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 5,
+    "identityHash": "ee697e71290c92fe5b607d0b7665481b",
+    "entities": [
+      {
+        "tableName": "ciphers",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `cipher_type` TEXT NOT NULL, `cipher_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherType",
+            "columnName": "cipher_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "cipherJson",
+            "columnName": "cipher_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_ciphers_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_ciphers_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "collections",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `organization_id` TEXT NOT NULL, `should_hide_passwords` INTEGER NOT NULL, `name` TEXT NOT NULL, `external_id` TEXT, `read_only` INTEGER NOT NULL, `manage` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "organizationId",
+            "columnName": "organization_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "shouldHidePasswords",
+            "columnName": "should_hide_passwords",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "externalId",
+            "columnName": "external_id",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "isReadOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": true
+          },
+          {
+            "fieldPath": "canManage",
+            "columnName": "manage",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_collections_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_collections_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "domains",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`user_id` TEXT NOT NULL, `domains_json` TEXT, PRIMARY KEY(`user_id`))",
+        "fields": [
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "domainsJson",
+            "columnName": "domains_json",
+            "affinity": "TEXT",
+            "notNull": false
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "user_id"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "folders",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `name` TEXT, `revision_date` INTEGER NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "name",
+            "columnName": "name",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "revisionDate",
+            "columnName": "revision_date",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_folders_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_folders_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "sends",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`id` TEXT NOT NULL, `user_id` TEXT NOT NULL, `send_type` TEXT NOT NULL, `send_json` TEXT NOT NULL, PRIMARY KEY(`id`))",
+        "fields": [
+          {
+            "fieldPath": "id",
+            "columnName": "id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "userId",
+            "columnName": "user_id",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendType",
+            "columnName": "send_type",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "sendJson",
+            "columnName": "send_json",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "id"
+          ]
+        },
+        "indices": [
+          {
+            "name": "index_sends_user_id",
+            "unique": false,
+            "columnNames": [
+              "user_id"
+            ],
+            "orders": [],
+            "createSql": "CREATE INDEX IF NOT EXISTS `index_sends_user_id` ON `${TABLE_NAME}` (`user_id`)"
+          }
+        ],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'ee697e71290c92fe5b607d0b7665481b')"
+    ]
+  }
+}
--- a/app/src/beta/res/values/manifest.xml
+++ b/app/src/beta/res/values/manifest.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <!-- For beta variant, we don't have a matching variant of the Bitwarden Authenticator app.
+    Therefore, we leave the known app cert null here so that no clients can connect to
+    AuthenticatorBridgeService in the beta variant. If later another variant of the
+    Bitwarden Authenticator app is added, a SHA-256 digest of that variant's APK can be added here.
+    -->
+    <string-array name="known_authenticator_app_certs" />
+</resources>
--- a/app/src/beta/res/xml/shortcuts.xml
+++ b/app/src/beta/res/xml/shortcuts.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<shortcuts xmlns:android="http://schemas.android.com/apk/res/android">
+    <shortcut
+        android:enabled="true"
+        android:icon="@mipmap/ic_generator_shortcut"
+        android:shortcutId="bitwarden_password_generator"
+        android:shortcutLongLabel="@string/password_generator"
+        android:shortcutShortLabel="@string/password_generator">
+        <intent
+            android:action="android.intent.action.VIEW"
+            android:data="bitwarden://password_generator"
+            android:targetClass="com.x8bit.bitwarden.MainActivity"
+            android:targetPackage="com.x8bit.bitwarden.beta" />
+    </shortcut>
+    <shortcut
+        android:enabled="true"
+        android:icon="@mipmap/ic_vault_shortcut"
+        android:shortcutId="bitwarden_my_vault"
+        android:shortcutLongLabel="@string/my_vault"
+        android:shortcutShortLabel="@string/my_vault">
+        <intent
+            android:action="android.intent.action.VIEW"
+            android:data="bitwarden://my_vault"
+            android:targetClass="com.x8bit.bitwarden.MainActivity"
+            android:targetPackage="com.x8bit.bitwarden.beta" />
+    </shortcut>
+</shortcuts>
--- a/app/src/debug/res/values/manifest.xml
+++ b/app/src/debug/res/values/manifest.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<resources>
+    <string-array name="known_authenticator_app_certs">
+        <!-- This is the SHA-256 digest for the Authenticator App debug variant:-->
+        <item>13144ab52af797a88c2fe292674461ef1715e0e1e4f5f538f63f1c174696f476</item>
+    </string-array>
+</resources>
--- a/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/CrashLogsManagerImpl.kt
+++ b/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/CrashLogsManagerImpl.kt
@@ -1,16 +0,0 @@
-package com.x8bit.bitwarden.data.platform.manager
-
-import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
-import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
-
-/**
- * CrashLogsManager implementation for F-droid flavor builds.
- */
-class CrashLogsManagerImpl(
-    settingsRepository: SettingsRepository,
-    legacyAppCenterMigrator: LegacyAppCenterMigrator,
-) : CrashLogsManager {
-    override var isEnabled: Boolean = true
-
-    override fun trackNonFatalException(e: Exception) = Unit
-}
--- a/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
+++ b/app/src/fdroid/java/com/x8bit/bitwarden/data/platform/manager/LogsManagerImpl.kt
@@ -0,0 +1,27 @@
+package com.x8bit.bitwarden.data.platform.manager
+
+import com.x8bit.bitwarden.BuildConfig
+import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacyAppCenterMigrator
+import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import com.x8bit.bitwarden.data.platform.repository.model.Environment
+import timber.log.Timber
+
+/**
+ * [LogsManager] implementation for F-droid flavor builds.
+ */
+class LogsManagerImpl(
+    settingsRepository: SettingsRepository,
+    legacyAppCenterMigrator: LegacyAppCenterMigrator,
+) : LogsManager {
+    init {
+        if (BuildConfig.HAS_LOGS_ENABLED) {
+            Timber.plant(Timber.DebugTree())
+        }
+    }
+
+    override var isEnabled: Boolean = false
+
+    override fun setUserData(userId: String?, environmentType: Environment.Type) = Unit
+
+    override fun trackNonFatalException(throwable: Throwable) = Unit
+}
--- a/app/src/main/AndroidManifest.xml
+++ b/app/src/main/AndroidManifest.xml
@@ -16,6 +16,20 @@
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />

+    <!-- Protect access to AuthenticatorBridgeService using this custom permission.
+
+    Note that each build type uses a different value for knownCerts.
+
+    This in effect means that the only application that can connect to the debug/release/etc
+    variant AuthenticatorBridgeService is the debug/release/etc variant Bitwarden Authenticator
+    app. -->
+    <permission
+        android:name="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE"
+        android:knownCerts="@array/known_authenticator_app_certs"
+        android:label="Bitwarden Bridge"
+        android:protectionLevel="signature|knownSigner"
+        tools:targetApi="s" />
+
    <application
        android:name=".BitwardenApplication"
        android:allowBackup="false"
@@ -75,6 +89,20 @@

                <category android:name="android.intent.category.DEFAULT" />
            </intent-filter>
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+
+                <category android:name="android.intent.category.DEFAULT" />
+                <category android:name="android.intent.category.BROWSABLE" />
+
+                <data android:scheme="otpauth" />
+                <data android:host="totp" />
+            </intent-filter>
+            <intent-filter>
+                <action android:name="android.intent.action.VIEW" />
+                <category android:name="android.intent.category.DEFAULT" />
+                <data android:scheme="bitwarden" />
+            </intent-filter>
        </activity>

        <activity
@@ -277,6 +305,11 @@
            android:name="android.content.APP_RESTRICTIONS"
            android:resource="@xml/app_restrictions" />

+        <service
+            android:name="com.x8bit.bitwarden.data.platform.service.AuthenticatorBridgeService"
+            android:exported="true"
+            android:permission="${applicationId}.permission.AUTHENTICATOR_BRIDGE_SERVICE" />
+
    </application>

    <queries>
--- a/app/src/main/assets/fido2_privileged_community.json
+++ b/app/src/main/assets/fido2_privileged_community.json
@@ -0,0 +1,80 @@
+{
+  "apps": [
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.chromium.chrome",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A8:56:48:50:79:BC:B3:57:BF:BE:69:BA:19:A9:BA:43:CD:0A:D9:AB:22:67:52:C7:80:B6:88:8A:FD:48:21:6B"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.cromite.cromite",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "63:3F:A4:1D:82:11:D6:D0:91:6A:81:9B:89:66:8C:6D:E9:2E:64:23:2D:A6:7F:9D:16:FD:81:C3:B7:E9:23:FF"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "org.mozilla.fennec_fdroid",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "06:66:53:58:EF:D8:BA:05:BE:23:6A:47:A1:2C:B0:95:8D:7D:75:DD:93:9D:77:C2:B3:1F:53:98:53:7E:BD:C5"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "us.spotco.fennec_dos",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "26:0E:0A:49:67:8C:78:B7:0C:02:D6:53:7A:DD:3B:6D:C0:A1:71:71:BB:DE:8C:E7:5F:D4:02:6A:8A:3E:18:D2"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "FF:81:F5:BE:56:39:65:94:EE:E7:0F:EF:28:32:25:6E:15:21:41:22:E2:BA:9C:ED:D2:60:05:FF:D4:BC:AA:A8"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "us.spotco.mulch",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "26:0E:0A:49:67:8C:78:B7:0C:02:D6:53:7A:DD:3B:6D:C0:A1:71:71:BB:DE:8C:E7:5F:D4:02:6A:8A:3E:18:D2"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "io.github.forkmaintainers.iceraven",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9C:0D:22:37:9F:48:7B:70:A4:F9:F8:BE:C0:17:3C:F9:1A:16:44:F0:8F:93:38:5B:5B:78:2C:E3:76:60:BA:81"
+          }
+        ]
+      }
+    }
+  ]
+}
--- a/app/src/main/assets/fido2_privileged_allow_list.json
+++ b/app/src/main/assets/fido2_privileged_allow_list.json
@@ -475,7 +475,102 @@
          }
        ]
      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.talonsec.talon",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A3:66:03:44:A6:F6:AF:CA:81:8C:BF:43:96:A2:3C:CF:D5:ED:7A:78:1B:B4:A3:D1:85:03:01:E2:F4:6D:23:83"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "E2:A5:64:74:EA:23:7B:06:67:B6:F5:2C:DC:E9:04:5E:24:88:3B:AE:D0:82:59:9A:A2:DF:0B:60:3A:CF:6A:3B"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.talonsec.talon_beta",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "F5:86:62:7A:32:C8:9F:E6:7E:00:6D:B1:8C:34:31:9E:01:7F:B3:B2:BE:D6:9D:01:01:B7:F9:43:E7:7C:48:AE"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "9A:A1:25:D5:E5:5E:3F:B0:DE:96:72:D9:A9:5D:04:65:3F:49:4A:1E:C3:EE:76:1E:94:C4:4E:5D:2F:65:8E:2F"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.duckduckgo.mobile.android.debug",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "C4:F0:9E:2B:D7:25:AD:F5:AD:92:0B:A2:80:27:66:AC:16:4A:C1:53:B3:EA:9E:08:48:B0:57:98:37:F7:6A:29"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.duckduckgo.mobile.android",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "BB:7B:B3:1C:57:3C:46:A1:DA:7F:C5:C5:28:A6:AC:F4:32:10:84:56:FE:EC:50:81:0C:7F:33:69:4E:B3:D2:D4"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.naver.whale",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "0B:8B:85:23:BB:4A:EF:FA:34:6E:4B:DD:4F:BF:7D:19:34:50:56:9A:A1:4A:AA:D4:AD:FD:94:A3:F7:B2:27:BB"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.fido.fido2client",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "FC:98:DA:E6:3A:D3:96:26:C8:C6:7F:BE:83:F2:F0:6F:74:93:2A:9C:D1:46:B9:2C:EC:FC:6A:04:7A:90:43:86"
+          }
+        ]
+      }
+    },
+    {
+      "type": "android",
+      "info": {
+        "package_name": "com.heytap.browser",
+        "signatures": [
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "AF:F8:A7:49:CF:0E:7D:75:44:65:D0:FB:FA:7B:8D:0C:64:5E:22:5C:10:C6:E2:32:AD:A0:D9:74:88:36:B8:E5"
+          },
+          {
+            "build": "release",
+            "cert_fingerprint_sha256": "A8:FE:A4:CA:FB:93:32:DA:26:B8:E6:81:08:17:C1:DA:90:A5:03:0E:35:A6:0A:79:E0:6C:90:97:AA:C6:A4:42"
+          }
+        ]
+      }
    }
  ]
 }
-
--- a/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/BitwardenApplication.kt
@@ -3,7 +3,7 @@ package com.x8bit.bitwarden
 import android.app.Application
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
 import com.x8bit.bitwarden.data.platform.annotation.OmitFromCoverage
-import com.x8bit.bitwarden.data.platform.manager.CrashLogsManager
+import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.NetworkConfigManager
 import com.x8bit.bitwarden.data.platform.manager.event.OrganizationEventManager
 import com.x8bit.bitwarden.data.platform.manager.restriction.RestrictionManager
@@ -19,10 +19,10 @@ class BitwardenApplication : Application() {
    // Inject classes here that must be triggered on startup but are not otherwise consumed by
    // other callers.
    @Inject
-    lateinit var networkConfigManager: NetworkConfigManager
+    lateinit var logsManager: LogsManager

    @Inject
-    lateinit var crashLogsManager: CrashLogsManager
+    lateinit var networkConfigManager: NetworkConfigManager

    @Inject
    lateinit var authRequestNotificationManager: AuthRequestNotificationManager
--- a/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/MainViewModel.kt
@@ -5,6 +5,7 @@ import android.os.Parcelable
 import androidx.lifecycle.SavedStateHandle
 import androidx.lifecycle.viewModelScope
 import com.bitwarden.vault.CipherView
+import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.model.EmailTokenResult
 import com.x8bit.bitwarden.data.auth.util.getCompleteRegistrationDataIntentOrNull
@@ -23,6 +24,7 @@ import com.x8bit.bitwarden.data.platform.manager.model.CompleteRegistrationData
 import com.x8bit.bitwarden.data.platform.manager.model.SpecialCircumstance
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import com.x8bit.bitwarden.data.platform.util.isAddTotpLoginItemFromAuthenticator
 import com.x8bit.bitwarden.data.vault.manager.model.VaultStateEvent
 import com.x8bit.bitwarden.data.vault.repository.VaultRepository
 import com.x8bit.bitwarden.ui.platform.base.BaseViewModel
@@ -30,8 +32,11 @@ import com.x8bit.bitwarden.ui.platform.base.util.Text
 import com.x8bit.bitwarden.ui.platform.base.util.asText
 import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.model.AppTheme
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import com.x8bit.bitwarden.ui.platform.util.isAccountSecurityShortcut
 import com.x8bit.bitwarden.ui.platform.util.isMyVaultShortcut
 import com.x8bit.bitwarden.ui.platform.util.isPasswordGeneratorShortcut
+import com.x8bit.bitwarden.ui.vault.model.TotpData
+import com.x8bit.bitwarden.ui.vault.util.getTotpDataOrNull
 import dagger.hilt.android.lifecycle.HiltViewModel
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.flow.distinctUntilChanged
@@ -56,12 +61,13 @@ private const val SPECIAL_CIRCUMSTANCE_KEY = "special-circumstance"
 class MainViewModel @Inject constructor(
    accessibilitySelectionManager: AccessibilitySelectionManager,
    autofillSelectionManager: AutofillSelectionManager,
+    private val addTotpItemFromAuthenticatorManager: AddTotpItemFromAuthenticatorManager,
    private val specialCircumstanceManager: SpecialCircumstanceManager,
    private val garbageCollectionManager: GarbageCollectionManager,
    private val fido2CredentialManager: Fido2CredentialManager,
    private val intentManager: IntentManager,
    settingsRepository: SettingsRepository,
-    vaultRepository: VaultRepository,
+    private val vaultRepository: VaultRepository,
    private val authRepository: AuthRepository,
    private val environmentRepository: EnvironmentRepository,
    private val savedStateHandle: SavedStateHandle,
@@ -184,12 +190,14 @@ class MainViewModel @Inject constructor(
    private fun handleAccessibilitySelectionReceive(
        action: MainAction.Internal.AccessibilitySelectionReceive,
    ) {
+        specialCircumstanceManager.specialCircumstance = null
        sendEvent(MainEvent.CompleteAccessibilityAutofill(cipherView = action.cipherView))
    }

    private fun handleAutofillSelectionReceive(
        action: MainAction.Internal.AutofillSelectionReceive,
    ) {
+        specialCircumstanceManager.specialCircumstance = null
        sendEvent(MainEvent.CompleteAutofill(cipherView = action.cipherView))
    }

@@ -223,7 +231,7 @@ class MainViewModel @Inject constructor(
        )
    }

-    @Suppress("LongMethod")
+    @Suppress("LongMethod", "CyclomaticComplexMethod")
    private fun handleIntent(
        intent: Intent,
        isFirstIntent: Boolean,
@@ -232,14 +240,39 @@ class MainViewModel @Inject constructor(
        val autofillSaveItem = intent.getAutofillSaveItemOrNull()
        val autofillSelectionData = intent.getAutofillSelectionDataOrNull()
        val shareData = intentManager.getShareDataFromIntent(intent)
+        val totpData: TotpData? =
+            // First grab TOTP URI directly from the intent data:
+            intent.getTotpDataOrNull()
+                ?: run {
+                    // Then check to see if the intent is coming from the Authenticator app:
+                    if (intent.isAddTotpLoginItemFromAuthenticator()) {
+                        addTotpItemFromAuthenticatorManager.pendingAddTotpLoginItemData.also {
+                            // Clear pending add TOTP data so it is only handled once:
+                            addTotpItemFromAuthenticatorManager.pendingAddTotpLoginItemData = null
+                        }
+                    } else {
+                        null
+                    }
+                }
        val hasGeneratorShortcut = intent.isPasswordGeneratorShortcut
        val hasVaultShortcut = intent.isMyVaultShortcut
+        val hasAccountSecurityShortcut = intent.isAccountSecurityShortcut
        val fido2CredentialRequestData = intent.getFido2CredentialRequestOrNull()
        val completeRegistrationData = intent.getCompleteRegistrationDataIntentOrNull()
        val fido2CredentialAssertionRequest = intent.getFido2AssertionRequestOrNull()
        val fido2GetCredentialsRequest = intent.getFido2GetCredentialsRequestOrNull()
        when {
            passwordlessRequestData != null -> {
+                authRepository.activeUserId?.let {
+                    if (it != passwordlessRequestData.userId &&
+                        !vaultRepository.isVaultUnlocked(it)
+                    ) {
+                        // We only switch the account here if the current user's vault is not
+                        // unlocked, otherwise prompt the user to allow us to change the account
+                        // in the LoginApprovalScreen
+                        authRepository.switchAccount(passwordlessRequestData.userId)
+                    }
+                }
                specialCircumstanceManager.specialCircumstance =
                    SpecialCircumstance.PasswordlessRequest(
                        passwordlessRequestData = passwordlessRequestData,
@@ -270,6 +303,11 @@ class MainViewModel @Inject constructor(
                    )
            }

+            totpData != null -> {
+                specialCircumstanceManager.specialCircumstance =
+                    SpecialCircumstance.AddTotpLoginItem(data = totpData)
+            }
+
            shareData != null -> {
                specialCircumstanceManager.specialCircumstance =
                    SpecialCircumstance.ShareNewSend(
@@ -320,6 +358,11 @@ class MainViewModel @Inject constructor(
            hasVaultShortcut -> {
                specialCircumstanceManager.specialCircumstance = SpecialCircumstance.VaultShortcut
            }
+
+            hasAccountSecurityShortcut -> {
+                specialCircumstanceManager.specialCircumstance =
+                    SpecialCircumstance.AccountSecurityShortcut
+            }
        }
    }

--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSource.kt
@@ -181,6 +181,11 @@ interface AuthDiskSource {
     */
    fun storeUserBiometricUnlockKey(userId: String, biometricsKey: String?)

+    /**
+     * Gets the flow for the biometrics key for the given [userId].
+     */
+    fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?>
+
    /**
     * Retrieves a pin-protected user key for the given [userId].
     */
@@ -198,6 +203,11 @@ interface AuthDiskSource {
        inMemoryOnly: Boolean = false,
    )

+    /**
+     * Retrieves a flow for the pin-protected user key for the given [userId].
+     */
+    fun getPinProtectedUserKeyFlow(userId: String): Flow<String?>
+
    /**
     * Gets a two-factor auth token using a user's [email].
     */
@@ -306,4 +316,19 @@ interface AuthDiskSource {
     *  if any exists.
     */
    fun getOnboardingStatusFlow(userId: String): Flow<OnboardingStatus?>
+
+    /**
+     * Gets the show import logins flag for the given [userId].
+     */
+    fun getShowImportLogins(userId: String): Boolean?
+
+    /**
+     * Stores the show import logins flag for the given [userId].
+     */
+    fun storeShowImportLogins(userId: String, showImportLogins: Boolean?)
+
+    /**
+     * Emits updates that track [getShowImportLogins]. This will replay the last known value,
+     */
+    fun getShowImportLoginsFlow(userId: String): Flow<Boolean?>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/AuthDiskSourceImpl.kt
@@ -45,6 +45,7 @@ private const val SHOULD_TRUST_DEVICE_KEY = "shouldTrustDevice"
 private const val TDE_LOGIN_COMPLETE = "tdeLoginComplete"
 private const val USES_KEY_CONNECTOR = "usesKeyConnector"
 private const val ONBOARDING_STATUS_KEY = "onboardingStatus"
+private const val SHOW_IMPORT_LOGINS_KEY = "showImportLogins"

 /**
 * Primary implementation of [AuthDiskSource].
@@ -72,6 +73,11 @@ class AuthDiskSourceImpl(
        mutableMapOf<String, MutableSharedFlow<AccountTokensJson?>>()
    private val mutableOnboardingStatusFlowMap =
        mutableMapOf<String, MutableSharedFlow<OnboardingStatus?>>()
+    private val mutableShowImportLoginsFlowMap = mutableMapOf<String, MutableSharedFlow<Boolean?>>()
+    private val mutableBiometricUnlockKeyFlowMap =
+        mutableMapOf<String, MutableSharedFlow<String?>>()
+    private val mutablePinProtectedUserKeyFlowMap =
+        mutableMapOf<String, MutableSharedFlow<String?>>()
    private val mutableUserStateFlow = bufferedMutableSharedFlow<UserStateJson?>(replay = 1)

    override var userState: UserStateJson?
@@ -143,9 +149,11 @@ class AuthDiskSourceImpl(
        storeShouldUseKeyConnector(userId = userId, shouldUseKeyConnector = null)
        storeIsTdeLoginComplete(userId = userId, isTdeLoginComplete = null)
        storeAuthenticatorSyncUnlockKey(userId = userId, authenticatorSyncUnlockKey = null)
+        storeShowImportLogins(userId = userId, showImportLogins = null)

        // Do not remove the DeviceKey or PendingAuthRequest on logout, these are persisted
        // indefinitely unless the TDE flow explicitly removes them.
+        // Do not remove OnboardingStatus we want to keep track of this even after logout.
    }

    override fun getAuthenticatorSyncUnlockKey(userId: String): String? =
@@ -280,8 +288,13 @@ class AuthDiskSourceImpl(
            key = BIOMETRICS_UNLOCK_KEY.appendIdentifier(userId),
            value = biometricsKey,
        )
+        getMutableBiometricUnlockKeyFlow(userId).tryEmit(biometricsKey)
    }

+    override fun getUserBiometicUnlockKeyFlow(userId: String): Flow<String?> =
+        getMutableBiometricUnlockKeyFlow(userId)
+            .onSubscription { emit(getUserBiometricUnlockKey(userId = userId)) }
+
    override fun getPinProtectedUserKey(userId: String): String? =
        inMemoryPinProtectedUserKeys[userId]
            ?: getString(key = PIN_PROTECTED_USER_KEY_KEY.appendIdentifier(userId))
@@ -297,8 +310,13 @@ class AuthDiskSourceImpl(
            key = PIN_PROTECTED_USER_KEY_KEY.appendIdentifier(userId),
            value = pinProtectedUserKey,
        )
+        getMutablePinProtectedUserKeyFlow(userId).tryEmit(pinProtectedUserKey)
    }

+    override fun getPinProtectedUserKeyFlow(userId: String): Flow<String?> =
+        getMutablePinProtectedUserKeyFlow(userId)
+            .onSubscription { emit(getPinProtectedUserKey(userId = userId)) }
+
    override fun getTwoFactorToken(email: String): String? =
        getString(key = TWO_FACTOR_TOKEN_KEY.appendIdentifier(email))

@@ -437,6 +455,22 @@ class AuthDiskSourceImpl(
            .onSubscription { emit(getOnboardingStatus(userId = userId)) }
    }

+    override fun getShowImportLogins(userId: String): Boolean? {
+        return getBoolean(SHOW_IMPORT_LOGINS_KEY.appendIdentifier(userId))
+    }
+
+    override fun storeShowImportLogins(userId: String, showImportLogins: Boolean?) {
+        putBoolean(
+            key = SHOW_IMPORT_LOGINS_KEY.appendIdentifier(userId),
+            value = showImportLogins,
+        )
+        getMutableShowImportLoginsFlow(userId = userId).tryEmit(showImportLogins)
+    }
+
+    override fun getShowImportLoginsFlow(userId: String): Flow<Boolean?> =
+        getMutableShowImportLoginsFlow(userId)
+            .onSubscription { emit(getShowImportLogins(userId)) }
+
    private fun generateAndStoreUniqueAppId(): String =
        UUID
            .randomUUID()
@@ -480,6 +514,24 @@ class AuthDiskSourceImpl(
            bufferedMutableSharedFlow(replay = 1)
        }

+    private fun getMutableShowImportLoginsFlow(
+        userId: String,
+    ): MutableSharedFlow<Boolean?> = mutableShowImportLoginsFlowMap.getOrPut(userId) {
+        bufferedMutableSharedFlow(replay = 1)
+    }
+
+    private fun getMutableBiometricUnlockKeyFlow(
+        userId: String,
+    ): MutableSharedFlow<String?> = mutableBiometricUnlockKeyFlowMap.getOrPut(userId) {
+        bufferedMutableSharedFlow(replay = 1)
+    }
+
+    private fun getMutablePinProtectedUserKeyFlow(
+        userId: String,
+    ): MutableSharedFlow<String?> = mutablePinProtectedUserKeyFlowMap.getOrPut(userId) {
+        bufferedMutableSharedFlow(replay = 1)
+    }
+
    private fun migrateAccountTokens() {
        userState
            ?.accounts
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/PendingAuthRequestJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/disk/model/PendingAuthRequestJson.kt
@@ -7,13 +7,21 @@ import kotlinx.serialization.Serializable
 * Container for the user's API tokens.
 *
 * @property requestId The ID of the pending Auth Request.
- * @property requestPrivateKey The private of the pending Auth Request.
+ * @property requestPrivateKey The private key of the pending Auth Request.
+ * @property requestAccessCode The access code of the pending Auth Request.
+ * @property requestFingerprint The fingerprint of the pending Auth Request.
 */
@Serializable
 data class PendingAuthRequestJson(
-    @SerialName("Id")
+    @SerialName("id")
    val requestId: String,

-    @SerialName("PrivateKey")
+    @SerialName("privateKey")
    val requestPrivateKey: String,
+
+    @SerialName("accessCode")
+    val requestAccessCode: String,
+
+    @SerialName("fingerprint")
+    val requestFingerprint: String,
 )
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAccountsApi.kt
@@ -5,6 +5,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.DeleteAccountReque
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SetPasswordRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.HTTP
 import retrofit2.http.POST
@@ -18,43 +19,43 @@ interface AuthenticatedAccountsApi {
     * Converts the currently active account to a key-connector account.
     */
    @POST("/accounts/convert-to-key-connector")
-    suspend fun convertToKeyConnector(): Result<Unit>
+    suspend fun convertToKeyConnector(): NetworkResult<Unit>

    /**
     * Creates the keys for the current account.
     */
    @POST("/accounts/keys")
-    suspend fun createAccountKeys(@Body body: CreateAccountKeysRequest): Result<Unit>
+    suspend fun createAccountKeys(@Body body: CreateAccountKeysRequest): NetworkResult<Unit>

    /**
     * Deletes the current account.
     */
    @HTTP(method = "DELETE", path = "/accounts", hasBody = true)
-    suspend fun deleteAccount(@Body body: DeleteAccountRequestJson): Result<Unit>
+    suspend fun deleteAccount(@Body body: DeleteAccountRequestJson): NetworkResult<Unit>

    @POST("/accounts/request-otp")
-    suspend fun requestOtp(): Result<Unit>
+    suspend fun requestOtp(): NetworkResult<Unit>

    @POST("/accounts/verify-otp")
    suspend fun verifyOtp(
        @Body body: VerifyOtpRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>

    /**
     * Resets the temporary password.
     */
    @HTTP(method = "PUT", path = "/accounts/update-temp-password", hasBody = true)
-    suspend fun resetTempPassword(@Body body: ResetPasswordRequestJson): Result<Unit>
+    suspend fun resetTempPassword(@Body body: ResetPasswordRequestJson): NetworkResult<Unit>

    /**
     * Resets the password.
     */
    @HTTP(method = "POST", path = "/accounts/password", hasBody = true)
-    suspend fun resetPassword(@Body body: ResetPasswordRequestJson): Result<Unit>
+    suspend fun resetPassword(@Body body: ResetPasswordRequestJson): NetworkResult<Unit>

    /**
     * Sets the password.
     */
    @POST("/accounts/set-password")
-    suspend fun setPassword(@Body body: SetPasswordRequestJson): Result<Unit>
+    suspend fun setPassword(@Body body: SetPasswordRequestJson): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedAuthRequestsApi.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.Header
@@ -22,7 +23,7 @@ interface AuthenticatedAuthRequestsApi {
    suspend fun createAdminAuthRequest(
        @Header("Device-Identifier") deviceIdentifier: String,
        @Body body: AuthRequestRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
+    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>

    /**
     * Updates an authentication request.
@@ -31,13 +32,13 @@ interface AuthenticatedAuthRequestsApi {
    suspend fun updateAuthRequest(
        @Path("id") userId: String,
        @Body body: AuthRequestUpdateRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
+    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>

    /**
     * Gets a list of auth requests for this device.
     */
    @GET("/auth-requests")
-    suspend fun getAuthRequests(): Result<AuthRequestsResponseJson>
+    suspend fun getAuthRequests(): NetworkResult<AuthRequestsResponseJson>

    /**
     * Retrieves an existing authentication request by ID.
@@ -45,5 +46,5 @@ interface AuthenticatedAuthRequestsApi {
    @GET("/auth-requests/{requestId}")
    suspend fun getAuthRequest(
        @Path("requestId") requestId: String,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
+    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedDevicesApi.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import androidx.annotation.Keep
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.PUT
 import retrofit2.http.Path
@@ -16,5 +17,5 @@ interface AuthenticatedDevicesApi {
    suspend fun updateTrustedDeviceKeys(
        @Path(value = "appId") appId: String,
        @Body request: TrustedDeviceKeysRequestJson,
-    ): Result<TrustedDeviceKeysResponseJson>
+    ): NetworkResult<TrustedDeviceKeysResponseJson>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedKeyConnectorApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedKeyConnectorApi.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api

 import androidx.annotation.Keep
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.POST
 import retrofit2.http.Url
@@ -15,5 +16,5 @@ interface AuthenticatedKeyConnectorApi {
    suspend fun storeMasterKeyToKeyConnector(
        @Url url: String,
        @Body body: KeyConnectorMasterKeyRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/AuthenticatedOrganizationApi.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.PUT
@@ -20,7 +21,7 @@ interface AuthenticatedOrganizationApi {
        @Path("orgId") organizationId: String,
        @Path("userId") userId: String,
        @Body body: OrganizationResetPasswordEnrollRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>

    /**
     * Checks whether this organization auto enrolls users in password reset.
@@ -28,7 +29,7 @@ interface AuthenticatedOrganizationApi {
    @GET("/organizations/{identifier}/auto-enroll-status")
    suspend fun getOrganizationAutoEnrollResponse(
        @Path("identifier") organizationIdentifier: String,
-    ): Result<OrganizationAutoEnrollStatusResponseJson>
+    ): NetworkResult<OrganizationAutoEnrollStatusResponseJson>

    /**
     * Gets the public and private keys for this organization.
@@ -36,5 +37,5 @@ interface AuthenticatedOrganizationApi {
    @GET("/organizations/{id}/keys")
    suspend fun getOrganizationKeys(
        @Path("id") organizationId: String,
-    ): Result<OrganizationKeysResponseJson>
+    ): NetworkResult<OrganizationKeysResponseJson>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/HaveIBeenPwnedApi.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.api

+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import okhttp3.ResponseBody
 import retrofit2.http.GET
 import retrofit2.http.Path
@@ -14,5 +15,5 @@ interface HaveIBeenPwnedApi {
    suspend fun fetchBreachedPasswords(
        @Path("hashPrefix")
        hashPrefix: String,
-    ): Result<ResponseBody>
+    ): NetworkResult<ResponseBody>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAccountsApi.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorKeyRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.PasswordHintRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.ResendEmailRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
 import retrofit2.http.Body
 import retrofit2.http.Header
@@ -15,16 +16,16 @@ interface UnauthenticatedAccountsApi {
    @POST("/accounts/password-hint")
    suspend fun passwordHintRequest(
        @Body body: PasswordHintRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>

    @POST("/two-factor/send-email-login")
    suspend fun resendVerificationCodeEmail(
        @Body body: ResendEmailRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>

    @POST("/accounts/set-key-connector-key")
    suspend fun setKeyConnectorKey(
        @Body body: KeyConnectorKeyRequestJson,
        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
-    ): Result<Unit>
+    ): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedAuthRequestsApi.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api

 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.GET
 import retrofit2.http.Header
@@ -21,7 +22,7 @@ interface UnauthenticatedAuthRequestsApi {
    suspend fun createAuthRequest(
        @Header("Device-Identifier") deviceIdentifier: String,
        @Body body: AuthRequestRequestJson,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
+    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>

    /**
     * Queries for updates to a given auth request.
@@ -30,5 +31,5 @@ interface UnauthenticatedAuthRequestsApi {
    suspend fun getAuthRequestUpdate(
        @Path("requestId") requestId: String,
        @Query("code") accessCode: String,
-    ): Result<AuthRequestsResponseJson.AuthRequest>
+    ): NetworkResult<AuthRequestsResponseJson.AuthRequest>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedDevicesApi.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.api

+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.GET
 import retrofit2.http.Header

@@ -11,5 +12,5 @@ interface UnauthenticatedDevicesApi {
    suspend fun getIsKnownDevice(
        @Header(value = "X-Request-Email") emailAddress: String,
        @Header(value = "X-Device-Identifier") deviceId: String,
-    ): Result<Boolean>
+    ): NetworkResult<Boolean>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedIdentityApi.kt
@@ -10,6 +10,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterRequestJso
 import com.x8bit.bitwarden.data.auth.datasource.network.model.RegisterResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.SendVerificationEmailRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRequestJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import kotlinx.serialization.json.JsonPrimitive
 import retrofit2.Call
 import retrofit2.http.Body
@@ -46,12 +47,12 @@ interface UnauthenticatedIdentityApi {
        @Field(value = "twoFactorProvider") twoFactorMethod: String?,
        @Field(value = "twoFactorRemember") twoFactorRemember: String?,
        @Field(value = "authRequest") authRequestId: String?,
-    ): Result<GetTokenResponseJson.Success>
+    ): NetworkResult<GetTokenResponseJson.Success>

    @GET("/sso/prevalidate")
    suspend fun prevalidateSso(
        @Query("domainHint") organizationIdentifier: String,
-    ): Result<PrevalidateSsoResponseJson>
+    ): NetworkResult<PrevalidateSsoResponseJson>

    /**
     * This call needs to be synchronous so we need it to return a [Call] directly. The identity
@@ -66,23 +67,25 @@ interface UnauthenticatedIdentityApi {
    ): Call<RefreshTokenResponseJson>

    @POST("/accounts/prelogin")
-    suspend fun preLogin(@Body body: PreLoginRequestJson): Result<PreLoginResponseJson>
+    suspend fun preLogin(@Body body: PreLoginRequestJson): NetworkResult<PreLoginResponseJson>

    @POST("/accounts/register")
-    suspend fun register(@Body body: RegisterRequestJson): Result<RegisterResponseJson.Success>
+    suspend fun register(
+        @Body body: RegisterRequestJson,
+    ): NetworkResult<RegisterResponseJson.Success>

    @POST("/accounts/register/finish")
    suspend fun registerFinish(
        @Body body: RegisterFinishRequestJson,
-    ): Result<RegisterResponseJson.Success>
+    ): NetworkResult<RegisterResponseJson.Success>

    @POST("/accounts/register/send-verification-email")
    suspend fun sendVerificationEmail(
        @Body body: SendVerificationEmailRequestJson,
-    ): Result<JsonPrimitive?>
+    ): NetworkResult<JsonPrimitive?>

    @POST("/accounts/register/verification-email-clicked")
    suspend fun verifyEmailToken(
        @Body body: VerifyEmailTokenRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedKeyConnectorApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedKeyConnectorApi.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api
 import androidx.annotation.Keep
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.KeyConnectorMasterKeyResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_KEY_AUTHORIZATION
 import retrofit2.http.Body
 import retrofit2.http.GET
@@ -20,11 +21,11 @@ interface UnauthenticatedKeyConnectorApi {
        @Url url: String,
        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
        @Body body: KeyConnectorMasterKeyRequestJson,
-    ): Result<Unit>
+    ): NetworkResult<Unit>

    @GET
    suspend fun getMasterKeyFromKeyConnector(
        @Url url: String,
        @Header(HEADER_KEY_AUTHORIZATION) bearerToken: String,
-    ): Result<KeyConnectorMasterKeyResponseJson>
+    ): NetworkResult<KeyConnectorMasterKeyResponseJson>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedOrganizationApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/api/UnauthenticatedOrganizationApi.kt
@@ -2,6 +2,9 @@ package com.x8bit.bitwarden.data.auth.datasource.network.api

 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsRequest
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.Body
 import retrofit2.http.POST

@@ -15,5 +18,13 @@ interface UnauthenticatedOrganizationApi {
    @POST("/organizations/domain/sso/details")
    suspend fun getClaimedDomainOrganizationDetails(
        @Body body: OrganizationDomainSsoDetailsRequestJson,
-    ): Result<OrganizationDomainSsoDetailsResponseJson>
+    ): NetworkResult<OrganizationDomainSsoDetailsResponseJson>
+
+    /**
+     * Checks for the verfied organization domains of an email for SSO purposes.
+     */
+    @POST("/organizations/domain/sso/verified")
+    suspend fun getVerifiedOrganizationDomainsByEmail(
+        @Body body: VerifiedOrganizationDomainSsoDetailsRequest,
+    ): NetworkResult<VerifiedOrganizationDomainSsoDetailsResponse>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/GetTokenResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/GetTokenResponseJson.kt
@@ -96,9 +96,17 @@ sealed class GetTokenResponseJson {
    @Serializable
    data class Invalid(
        @SerialName("ErrorModel")
-        val errorModel: ErrorModel,
+        val errorModel: ErrorModel?,
+        @SerialName("errorModel")
+        val legacyErrorModel: LegacyErrorModel?,
    ) : GetTokenResponseJson() {

+        /**
+         * The error message returned from the server, or null.
+         */
+        val errorMessage: String?
+            get() = errorModel?.errorMessage ?: legacyErrorModel?.errorMessage
+
        /**
         * The error body of an invalid request containing a message.
         */
@@ -107,6 +115,18 @@ sealed class GetTokenResponseJson {
            @SerialName("Message")
            val errorMessage: String,
        )
+
+        /**
+         * The legacy error body of an invalid request containing a message.
+         *
+         * This model is used to support older versions of the error response model that used
+         * lower-case keys.
+         */
+        @Serializable
+        data class LegacyErrorModel(
+            @SerialName("message")
+            val errorMessage: String,
+        )
    }

    /**
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsResponseJson.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/OrganizationDomainSsoDetailsResponseJson.kt
@@ -1,16 +1,26 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.model

+import kotlinx.serialization.Contextual
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable
+import java.time.ZonedDateTime

 /**
 * Response object returned when requesting organization domain SSO details.
 *
 * @property isSsoAvailable Whether or not SSO is available for this domain.
 * @property organizationIdentifier The organization's identifier.
+ * @property verifiedDate The date the domain was verified.
 */
@Serializable
 data class OrganizationDomainSsoDetailsResponseJson(
-    @SerialName("ssoAvailable") val isSsoAvailable: Boolean,
-    @SerialName("organizationIdentifier") val organizationIdentifier: String,
+    @SerialName("ssoAvailable")
+    val isSsoAvailable: Boolean,
+
+    @SerialName("organizationIdentifier")
+    val organizationIdentifier: String,
+
+    @SerialName("verifiedDate")
+    @Contextual
+    val verifiedDate: ZonedDateTime?,
 )
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/VerifiedOrganizationDomainSsoDetailsRequest.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/VerifiedOrganizationDomainSsoDetailsRequest.kt
@@ -0,0 +1,14 @@
+package com.x8bit.bitwarden.data.auth.datasource.network.model
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+/**
+ * Request body object when retrieving organization verified domain SSO info.
+ *
+ * @param email The email address to check against.
+ */
+@Serializable
+data class VerifiedOrganizationDomainSsoDetailsRequest(
+    @SerialName("email") val email: String,
+)
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/VerifiedOrganizationDomainSsoDetailsResponse.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/model/VerifiedOrganizationDomainSsoDetailsResponse.kt
@@ -0,0 +1,35 @@
+package com.x8bit.bitwarden.data.auth.datasource.network.model
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+/**
+ * Response object returned when requesting organization verified domain SSO details.
+ *
+ * @property verifiedOrganizationDomainSsoDetails The list of verified organization domain SSO
+ * details.
+ */
+@Serializable
+data class VerifiedOrganizationDomainSsoDetailsResponse(
+    @SerialName("data")
+    val verifiedOrganizationDomainSsoDetails: List<VerifiedOrganizationDomainSsoDetail>,
+) {
+    /**
+     * Response body for an organization verified domain SSO details.
+     *
+     * @property organizationName The name of the organization.
+     * @property organizationIdentifier The identifier of the organization.
+     * @property domainName The name of the domain.
+     */
+    @Serializable
+    data class VerifiedOrganizationDomainSsoDetail(
+        @SerialName("organizationName")
+        val organizationName: String,
+
+        @SerialName("organizationIdentifier")
+        val organizationIdentifier: String,
+
+        @SerialName("domainName")
+        val domainName: String,
+    )
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AccountsServiceImpl.kt
@@ -19,6 +19,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyOtpRequestJs
 import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
 import com.x8bit.bitwarden.data.platform.datasource.network.util.HEADER_VALUE_BEARER_PREFIX
 import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
 import kotlinx.serialization.json.Json

 /**
@@ -37,18 +38,22 @@ class AccountsServiceImpl(
     * Converts the currently active account to a key-connector account.
     */
    override suspend fun convertToKeyConnector(): Result<Unit> =
-        authenticatedAccountsApi.convertToKeyConnector()
+        authenticatedAccountsApi
+            .convertToKeyConnector()
+            .toResult()

    override suspend fun createAccountKeys(
        publicKey: String,
        encryptedPrivateKey: String,
    ): Result<Unit> =
-        authenticatedAccountsApi.createAccountKeys(
-            body = CreateAccountKeysRequest(
-                publicKey = publicKey,
-                encryptedPrivateKey = encryptedPrivateKey,
-            ),
-        )
+        authenticatedAccountsApi
+            .createAccountKeys(
+                body = CreateAccountKeysRequest(
+                    publicKey = publicKey,
+                    encryptedPrivateKey = encryptedPrivateKey,
+                ),
+            )
+            .toResult()

    override suspend fun deleteAccount(
        masterPasswordHash: String?,
@@ -61,9 +66,8 @@ class AccountsServiceImpl(
                    oneTimePassword = oneTimePassword,
                ),
            )
-            .map {
-                DeleteAccountResponseJson.Success
-            }
+            .toResult()
+            .map { DeleteAccountResponseJson.Success }
            .recoverCatching { throwable ->
                throwable
                    .toBitwardenError()
@@ -75,20 +79,25 @@ class AccountsServiceImpl(
            }

    override suspend fun requestOneTimePasscode(): Result<Unit> =
-        authenticatedAccountsApi.requestOtp()
+        authenticatedAccountsApi
+            .requestOtp()
+            .toResult()

    override suspend fun verifyOneTimePasscode(passcode: String): Result<Unit> =
-        authenticatedAccountsApi.verifyOtp(
-            VerifyOtpRequestJson(
-                oneTimePasscode = passcode,
-            ),
-        )
+        authenticatedAccountsApi
+            .verifyOtp(
+                VerifyOtpRequestJson(
+                    oneTimePasscode = passcode,
+                ),
+            )
+            .toResult()

    override suspend fun requestPasswordHint(
        email: String,
    ): Result<PasswordHintResponseJson> =
        unauthenticatedAccountsApi
            .passwordHintRequest(PasswordHintRequestJson(email))
+            .toResult()
            .map { PasswordHintResponseJson.Success }
            .recoverCatching { throwable ->
                throwable
@@ -101,54 +110,70 @@ class AccountsServiceImpl(
            }

    override suspend fun resendVerificationCodeEmail(body: ResendEmailRequestJson): Result<Unit> =
-        unauthenticatedAccountsApi.resendVerificationCodeEmail(body = body)
+        unauthenticatedAccountsApi
+            .resendVerificationCodeEmail(body = body)
+            .toResult()

-    override suspend fun resetPassword(body: ResetPasswordRequestJson): Result<Unit> {
-        return if (body.currentPasswordHash == null) {
-            authenticatedAccountsApi.resetTempPassword(body = body)
+    override suspend fun resetPassword(body: ResetPasswordRequestJson): Result<Unit> =
+        if (body.currentPasswordHash == null) {
+            authenticatedAccountsApi
+                .resetTempPassword(body = body)
+                .toResult()
        } else {
-            authenticatedAccountsApi.resetPassword(body = body)
+            authenticatedAccountsApi
+                .resetPassword(body = body)
+                .toResult()
        }
-    }

    override suspend fun setKeyConnectorKey(
        accessToken: String,
        body: KeyConnectorKeyRequestJson,
-    ): Result<Unit> = unauthenticatedAccountsApi.setKeyConnectorKey(
-        body = body,
-        bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-    )
+    ): Result<Unit> =
+        unauthenticatedAccountsApi
+            .setKeyConnectorKey(
+                body = body,
+                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
+            )
+            .toResult()

    override suspend fun setPassword(
        body: SetPasswordRequestJson,
-    ): Result<Unit> = authenticatedAccountsApi.setPassword(body)
+    ): Result<Unit> = authenticatedAccountsApi
+        .setPassword(body)
+        .toResult()

    override suspend fun getMasterKeyFromKeyConnector(
        url: String,
        accessToken: String,
    ): Result<KeyConnectorMasterKeyResponseJson> =
-        unauthenticatedKeyConnectorApi.getMasterKeyFromKeyConnector(
-            url = "$url/user-keys",
-            bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-        )
+        unauthenticatedKeyConnectorApi
+            .getMasterKeyFromKeyConnector(
+                url = "$url/user-keys",
+                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
+            )
+            .toResult()

    override suspend fun storeMasterKeyToKeyConnector(
        url: String,
        masterKey: String,
    ): Result<Unit> =
-        authenticatedKeyConnectorApi.storeMasterKeyToKeyConnector(
-            url = "$url/user-keys",
-            body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
-        )
+        authenticatedKeyConnectorApi
+            .storeMasterKeyToKeyConnector(
+                url = "$url/user-keys",
+                body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
+            )
+            .toResult()

    override suspend fun storeMasterKeyToKeyConnector(
        url: String,
        accessToken: String,
        masterKey: String,
    ): Result<Unit> =
-        unauthenticatedKeyConnectorApi.storeMasterKeyToKeyConnector(
-            url = "$url/user-keys",
-            bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
-            body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
-        )
+        unauthenticatedKeyConnectorApi
+            .storeMasterKeyToKeyConnector(
+                url = "$url/user-keys",
+                bearerToken = "$HEADER_VALUE_BEARER_PREFIX$accessToken",
+                body = KeyConnectorMasterKeyRequestJson(masterKey = masterKey),
+            )
+            .toResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AuthRequestsServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/AuthRequestsServiceImpl.kt
@@ -3,17 +3,22 @@ package com.x8bit.bitwarden.data.auth.datasource.network.service
 import com.x8bit.bitwarden.data.auth.datasource.network.api.AuthenticatedAuthRequestsApi
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestUpdateRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult

 class AuthRequestsServiceImpl(
    private val authenticatedAuthRequestsApi: AuthenticatedAuthRequestsApi,
 ) : AuthRequestsService {
    override suspend fun getAuthRequests(): Result<AuthRequestsResponseJson> =
-        authenticatedAuthRequestsApi.getAuthRequests()
+        authenticatedAuthRequestsApi
+            .getAuthRequests()
+            .toResult()

    override suspend fun getAuthRequest(
        requestId: String,
    ): Result<AuthRequestsResponseJson.AuthRequest> =
-        authenticatedAuthRequestsApi.getAuthRequest(requestId = requestId)
+        authenticatedAuthRequestsApi
+            .getAuthRequest(requestId = requestId)
+            .toResult()

    override suspend fun updateAuthRequest(
        requestId: String,
@@ -22,13 +27,15 @@ class AuthRequestsServiceImpl(
        deviceId: String,
        isApproved: Boolean,
    ): Result<AuthRequestsResponseJson.AuthRequest> =
-        authenticatedAuthRequestsApi.updateAuthRequest(
-            userId = requestId,
-            body = AuthRequestUpdateRequestJson(
-                key = key,
-                masterPasswordHash = masterPasswordHash,
-                deviceId = deviceId,
-                isApproved = isApproved,
-            ),
-        )
+        authenticatedAuthRequestsApi
+            .updateAuthRequest(
+                userId = requestId,
+                body = AuthRequestUpdateRequestJson(
+                    key = key,
+                    masterPasswordHash = masterPasswordHash,
+                    deviceId = deviceId,
+                    isApproved = isApproved,
+                ),
+            )
+            .toResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/DevicesServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/DevicesServiceImpl.kt
@@ -5,6 +5,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedDevic
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.TrustedDeviceKeysResponseJson
 import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlEncode
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult

 class DevicesServiceImpl(
    private val authenticatedDevicesApi: AuthenticatedDevicesApi,
@@ -13,22 +14,26 @@ class DevicesServiceImpl(
    override suspend fun getIsKnownDevice(
        emailAddress: String,
        deviceId: String,
-    ): Result<Boolean> = unauthenticatedDevicesApi.getIsKnownDevice(
-        emailAddress = emailAddress.base64UrlEncode(),
-        deviceId = deviceId,
-    )
+    ): Result<Boolean> = unauthenticatedDevicesApi
+        .getIsKnownDevice(
+            emailAddress = emailAddress.base64UrlEncode(),
+            deviceId = deviceId,
+        )
+        .toResult()

    override suspend fun trustDevice(
        appId: String,
        encryptedUserKey: String,
        encryptedDevicePublicKey: String,
        encryptedDevicePrivateKey: String,
-    ): Result<TrustedDeviceKeysResponseJson> = authenticatedDevicesApi.updateTrustedDeviceKeys(
-        appId = appId,
-        request = TrustedDeviceKeysRequestJson(
-            encryptedUserKey = encryptedUserKey,
-            encryptedDevicePublicKey = encryptedDevicePublicKey,
-            encryptedDevicePrivateKey = encryptedDevicePrivateKey,
-        ),
-    )
+    ): Result<TrustedDeviceKeysResponseJson> = authenticatedDevicesApi
+        .updateTrustedDeviceKeys(
+            appId = appId,
+            request = TrustedDeviceKeysRequestJson(
+                encryptedUserKey = encryptedUserKey,
+                encryptedDevicePublicKey = encryptedDevicePublicKey,
+                encryptedDevicePrivateKey = encryptedDevicePrivateKey,
+            ),
+        )
+        .toResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/HaveIBeenPwnedServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/HaveIBeenPwnedServiceImpl.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.auth.datasource.network.service

 import com.x8bit.bitwarden.data.auth.datasource.network.api.HaveIBeenPwnedApi
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
 import java.security.MessageDigest

 class HaveIBeenPwnedServiceImpl(private val api: HaveIBeenPwnedApi) : HaveIBeenPwnedService {
@@ -17,6 +18,7 @@ class HaveIBeenPwnedServiceImpl(private val api: HaveIBeenPwnedApi) : HaveIBeenP

        return api
            .fetchBreachedPasswords(hashPrefix = hashPrefix)
+            .toResult()
            .mapCatching { responseBody ->
                responseBody.string()
                    // First split the response by newline: each hashed password is on a new line.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/IdentityServiceImpl.kt
@@ -16,8 +16,9 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenRe
 import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifyEmailTokenResponseJson
 import com.x8bit.bitwarden.data.platform.datasource.network.model.toBitwardenError
 import com.x8bit.bitwarden.data.platform.datasource.network.util.base64UrlEncode
-import com.x8bit.bitwarden.data.platform.datasource.network.util.executeForResult
+import com.x8bit.bitwarden.data.platform.datasource.network.util.executeForNetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.util.parseErrorBodyOrNull
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
 import com.x8bit.bitwarden.data.platform.util.DeviceModelProvider
 import kotlinx.serialization.json.Json

@@ -28,12 +29,15 @@ class IdentityServiceImpl(
 ) : IdentityService {

    override suspend fun preLogin(email: String): Result<PreLoginResponseJson> =
-        unauthenticatedIdentityApi.preLogin(PreLoginRequestJson(email = email))
+        unauthenticatedIdentityApi
+            .preLogin(PreLoginRequestJson(email = email))
+            .toResult()

    @Suppress("MagicNumber")
    override suspend fun register(body: RegisterRequestJson): Result<RegisterResponseJson> =
        unauthenticatedIdentityApi
            .register(body)
+            .toResult()
            .recoverCatching { throwable ->
                val bitwardenError = throwable.toBitwardenError()
                bitwardenError
@@ -75,6 +79,7 @@ class IdentityServiceImpl(
            captchaResponse = captchaToken,
            authRequestId = authModel.authRequestId,
        )
+        .toResult()
        .recoverCatching { throwable ->
            val bitwardenError = throwable.toBitwardenError()
            bitwardenError.parseErrorBodyOrNull<GetTokenResponseJson.CaptchaRequired>(
@@ -95,6 +100,7 @@ class IdentityServiceImpl(
        .prevalidateSso(
            organizationIdentifier = organizationIdentifier,
        )
+        .toResult()

    override fun refreshTokenSynchronously(
        refreshToken: String,
@@ -104,7 +110,8 @@ class IdentityServiceImpl(
            grantType = "refresh_token",
            refreshToken = refreshToken,
        )
-        .executeForResult()
+        .executeForNetworkResult()
+        .toResult()

    @Suppress("MagicNumber")
    override suspend fun registerFinish(
@@ -112,6 +119,7 @@ class IdentityServiceImpl(
    ): Result<RegisterResponseJson> =
        unauthenticatedIdentityApi
            .registerFinish(body)
+            .toResult()
            .recoverCatching { throwable ->
                val bitwardenError = throwable.toBitwardenError()
                bitwardenError
@@ -127,6 +135,7 @@ class IdentityServiceImpl(
    ): Result<String?> {
        return unauthenticatedIdentityApi
            .sendVerificationEmail(body = body)
+            .toResult()
            .map { it?.content }
    }

@@ -136,9 +145,8 @@ class IdentityServiceImpl(
        .verifyEmailToken(
            body = body,
        )
-        .map {
-            VerifyEmailTokenResponseJson.Valid
-        }
+        .toResult()
+        .map { VerifyEmailTokenResponseJson.Valid }
        .recoverCatching { throwable ->
            val bitwardenError = throwable.toBitwardenError()
            bitwardenError
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/NewAuthRequestServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/NewAuthRequestServiceImpl.kt
@@ -5,6 +5,7 @@ import com.x8bit.bitwarden.data.auth.datasource.network.api.UnauthenticatedAuthR
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestRequestJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestTypeJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.AuthRequestsResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult
 import com.x8bit.bitwarden.data.platform.util.asFailure

 /**
@@ -24,17 +25,19 @@ class NewAuthRequestServiceImpl(
    ): Result<AuthRequestsResponseJson.AuthRequest> =
        when (authRequestType) {
            AuthRequestTypeJson.LOGIN_WITH_DEVICE -> {
-                unauthenticatedAuthRequestsApi.createAuthRequest(
-                    deviceIdentifier = deviceId,
-                    body = AuthRequestRequestJson(
-                        email = email,
-                        publicKey = publicKey,
-                        deviceId = deviceId,
-                        accessCode = accessCode,
-                        fingerprint = fingerprint,
-                        type = authRequestType,
-                    ),
-                )
+                unauthenticatedAuthRequestsApi
+                    .createAuthRequest(
+                        deviceIdentifier = deviceId,
+                        body = AuthRequestRequestJson(
+                            email = email,
+                            publicKey = publicKey,
+                            deviceId = deviceId,
+                            accessCode = accessCode,
+                            fingerprint = fingerprint,
+                            type = authRequestType,
+                        ),
+                    )
+                    .toResult()
            }

            AuthRequestTypeJson.UNLOCK -> {
@@ -43,17 +46,19 @@ class NewAuthRequestServiceImpl(
            }

            AuthRequestTypeJson.ADMIN_APPROVAL -> {
-                authenticatedAuthRequestsApi.createAdminAuthRequest(
-                    deviceIdentifier = deviceId,
-                    body = AuthRequestRequestJson(
-                        email = email,
-                        publicKey = publicKey,
-                        deviceId = deviceId,
-                        accessCode = accessCode,
-                        fingerprint = fingerprint,
-                        type = authRequestType,
-                    ),
-                )
+                authenticatedAuthRequestsApi
+                    .createAdminAuthRequest(
+                        deviceIdentifier = deviceId,
+                        body = AuthRequestRequestJson(
+                            email = email,
+                            publicKey = publicKey,
+                            deviceId = deviceId,
+                            accessCode = accessCode,
+                            fingerprint = fingerprint,
+                            type = authRequestType,
+                        ),
+                    )
+                    .toResult()
            }
        }

@@ -63,11 +68,15 @@ class NewAuthRequestServiceImpl(
        isSso: Boolean,
    ): Result<AuthRequestsResponseJson.AuthRequest> =
        if (isSso) {
-            authenticatedAuthRequestsApi.getAuthRequest(requestId)
+            authenticatedAuthRequestsApi
+                .getAuthRequest(requestId = requestId)
+                .toResult()
        } else {
-            unauthenticatedAuthRequestsApi.getAuthRequestUpdate(
-                requestId = requestId,
-                accessCode = accessCode,
-            )
+            unauthenticatedAuthRequestsApi
+                .getAuthRequestUpdate(
+                    requestId = requestId,
+                    accessCode = accessCode,
+                )
+                .toResult()
        }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationService.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationService.kt
@@ -3,6 +3,7 @@ package com.x8bit.bitwarden.data.auth.datasource.network.service
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationAutoEnrollStatusResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse

 /**
 * Provides an API for querying organization endpoints.
@@ -38,4 +39,12 @@ interface OrganizationService {
    suspend fun getOrganizationKeys(
        organizationId: String,
    ): Result<OrganizationKeysResponseJson>
+
+    /**
+     * Request organization verified domain details for an [email] needed for SSO
+     * requests.
+     */
+    suspend fun getVerifiedOrganizationDomainSsoDetails(
+        email: String,
+    ): Result<VerifiedOrganizationDomainSsoDetailsResponse>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/datasource/network/service/OrganizationServiceImpl.kt
@@ -7,6 +7,9 @@ import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomain
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationDomainSsoDetailsResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationKeysResponseJson
 import com.x8bit.bitwarden.data.auth.datasource.network.model.OrganizationResetPasswordEnrollRequestJson
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsRequest
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult

 /**
 * Default implementation of [OrganizationService].
@@ -29,6 +32,7 @@ class OrganizationServiceImpl(
                resetPasswordKey = resetPasswordKey,
            ),
        )
+        .toResult()

    override suspend fun getOrganizationDomainSsoDetails(
        email: String,
@@ -38,6 +42,7 @@ class OrganizationServiceImpl(
                email = email,
            ),
        )
+        .toResult()

    override suspend fun getOrganizationAutoEnrollStatus(
        organizationIdentifier: String,
@@ -45,6 +50,7 @@ class OrganizationServiceImpl(
        .getOrganizationAutoEnrollResponse(
            organizationIdentifier = organizationIdentifier,
        )
+        .toResult()

    override suspend fun getOrganizationKeys(
        organizationId: String,
@@ -52,4 +58,15 @@ class OrganizationServiceImpl(
        .getOrganizationKeys(
            organizationId = organizationId,
        )
+        .toResult()
+
+    override suspend fun getVerifiedOrganizationDomainSsoDetails(
+        email: String,
+    ): Result<VerifiedOrganizationDomainSsoDetailsResponse> = unauthenticatedOrganizationApi
+        .getVerifiedOrganizationDomainsByEmail(
+            body = VerifiedOrganizationDomainSsoDetailsRequest(
+                email = email,
+            ),
+        )
+        .toResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AddTotpItemFromAuthenticatorManager.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AddTotpItemFromAuthenticatorManager.kt
@@ -0,0 +1,15 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.x8bit.bitwarden.ui.vault.model.TotpData
+
+/**
+ * Manager for keeping track of requests from the Bitwarden Authenticator app to add a TOTP
+ * item.
+ */
+interface AddTotpItemFromAuthenticatorManager {
+
+    /**
+     * Current pending [TotpData] to be added from the Authenticator app.
+     */
+    var pendingAddTotpLoginItemData: TotpData?
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AddTotpItemFromAuthenticatorManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AddTotpItemFromAuthenticatorManagerImpl.kt
@@ -0,0 +1,11 @@
+package com.x8bit.bitwarden.data.auth.manager
+
+import com.x8bit.bitwarden.ui.vault.model.TotpData
+
+/**
+ * Default in memory implementation for [AddTotpItemFromAuthenticatorManager].
+ */
+class AddTotpItemFromAuthenticatorManagerImpl : AddTotpItemFromAuthenticatorManager {
+
+    override var pendingAddTotpLoginItemData: TotpData? = null
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/AuthRequestManagerImpl.kt
@@ -17,6 +17,7 @@ import com.x8bit.bitwarden.data.auth.manager.model.CreateAuthRequestResult
 import com.x8bit.bitwarden.data.auth.manager.util.isSso
 import com.x8bit.bitwarden.data.auth.manager.util.toAuthRequestTypeJson
 import com.x8bit.bitwarden.data.platform.util.asFailure
+import com.x8bit.bitwarden.data.platform.util.asSuccess
 import com.x8bit.bitwarden.data.platform.util.flatMap
 import com.x8bit.bitwarden.data.vault.datasource.sdk.VaultSdkSource
 import kotlinx.coroutines.currentCoroutineContext
@@ -65,7 +66,7 @@ class AuthRequestManagerImpl(
        email: String,
        authRequestType: AuthRequestType,
    ): Flow<CreateAuthRequestResult> = flow {
-        val initialResult = createNewAuthRequest(
+        val initialResult = createNewAuthRequestIfNecessary(
            email = email,
            authRequestType = authRequestType.toAuthRequestTypeJson(),
        )
@@ -74,7 +75,6 @@ class AuthRequestManagerImpl(
                emit(CreateAuthRequestResult.Error)
                return@flow
            }
-        val authRequestResponse = initialResult.authRequestResponse
        var authRequest = initialResult.authRequest
        emit(CreateAuthRequestResult.Update(authRequest))

@@ -84,7 +84,7 @@ class AuthRequestManagerImpl(
            newAuthRequestService
                .getAuthRequestUpdate(
                    requestId = authRequest.id,
-                    accessCode = authRequestResponse.accessCode,
+                    accessCode = initialResult.accessCode,
                    isSso = authRequestType.isSso,
                )
                .map { request ->
@@ -112,7 +112,8 @@ class AuthRequestManagerImpl(
                                emit(
                                    CreateAuthRequestResult.Success(
                                        authRequest = updateAuthRequest,
-                                        authRequestResponse = authRequestResponse,
+                                        privateKey = initialResult.privateKey,
+                                        accessCode = initialResult.accessCode,
                                    ),
                                )
                            }
@@ -354,6 +355,52 @@ class AuthRequestManagerImpl(
            )
    }

+    /**
+     * Creates a new auth request for the given email and returns a [NewAuthRequestData].
+     * If the auth request type is [AuthRequestTypeJson.ADMIN_APPROVAL], check for a
+     * pending auth request and return it if it exists we should return that request.
+     */
+    private suspend fun createNewAuthRequestIfNecessary(
+        email: String,
+        authRequestType: AuthRequestTypeJson,
+    ): Result<NewAuthRequestData> {
+        return if (authRequestType == AuthRequestTypeJson.ADMIN_APPROVAL) {
+            authDiskSource
+                .getPendingAuthRequest(requireNotNull(activeUserId))
+                ?.let { pendingAuthRequest ->
+                    authRequestsService
+                        .getAuthRequest(pendingAuthRequest.requestId)
+                        .map {
+                            NewAuthRequestData(
+                                authRequest = AuthRequest(
+                                    id = it.id,
+                                    publicKey = it.publicKey,
+                                    platform = it.platform,
+                                    ipAddress = it.ipAddress,
+                                    key = it.key,
+                                    masterPasswordHash = it.masterPasswordHash,
+                                    creationDate = it.creationDate,
+                                    responseDate = it.responseDate,
+                                    requestApproved = it.requestApproved ?: false,
+                                    originUrl = it.originUrl,
+                                    fingerprint = pendingAuthRequest.requestFingerprint,
+                                ),
+                                privateKey = pendingAuthRequest.requestPrivateKey,
+                                accessCode = pendingAuthRequest.requestAccessCode,
+                            )
+                                .asSuccess()
+                        }
+                        .getOrNull()
+                }
+                ?: createNewAuthRequest(email = email, authRequestType = authRequestType)
+        } else {
+            createNewAuthRequest(
+                email = email,
+                authRequestType = authRequestType,
+            )
+        }
+    }
+
    /**
     * Attempts to create a new auth request for the given email and returns a [NewAuthRequestData]
     * with the [AuthRequest] and [AuthRequestResponse].
@@ -381,6 +428,8 @@ class AuthRequestManagerImpl(
                                pendingAuthRequest = PendingAuthRequestJson(
                                    requestId = it.id,
                                    requestPrivateKey = authRequestResponse.privateKey,
+                                    requestAccessCode = authRequestResponse.accessCode,
+                                    requestFingerprint = authRequestResponse.fingerprint,
                                ),
                            )
                        }
@@ -400,7 +449,13 @@ class AuthRequestManagerImpl(
                            fingerprint = authRequestResponse.fingerprint,
                        )
                    }
-                    .map { NewAuthRequestData(it, authRequestResponse) }
+                    .map {
+                        NewAuthRequestData(
+                            authRequest = it,
+                            privateKey = authRequestResponse.privateKey,
+                            accessCode = authRequestResponse.accessCode,
+                        )
+                    }
            }

    private suspend fun getFingerprintPhrase(
@@ -420,5 +475,6 @@ class AuthRequestManagerImpl(
 */
 private data class NewAuthRequestData(
    val authRequest: AuthRequest,
-    val authRequestResponse: AuthRequestResponse,
+    val privateKey: String,
+    val accessCode: String,
 )
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/di/AuthManagerModule.kt
@@ -7,6 +7,8 @@ import com.x8bit.bitwarden.data.auth.datasource.network.service.AuthRequestsServ
 import com.x8bit.bitwarden.data.auth.datasource.network.service.DevicesService
 import com.x8bit.bitwarden.data.auth.datasource.network.service.NewAuthRequestService
 import com.x8bit.bitwarden.data.auth.datasource.sdk.AuthSdkSource
+import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManager
+import com.x8bit.bitwarden.data.auth.manager.AddTotpItemFromAuthenticatorManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManager
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestManagerImpl
 import com.x8bit.bitwarden.data.auth.manager.AuthRequestNotificationManager
@@ -124,4 +126,9 @@ object AuthManagerModule {
            vaultSdkSource = vaultSdkSource,
            dispatcherManager = dispatcherManager,
        )
+
+    @Provides
+    @Singleton
+    fun providesAddTotpItemFromAuthenticatorManager(): AddTotpItemFromAuthenticatorManager =
+        AddTotpItemFromAuthenticatorManagerImpl()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/model/CreateAuthRequestResult.kt
@@ -1,7 +1,5 @@
 package com.x8bit.bitwarden.data.auth.manager.model

-import com.bitwarden.core.AuthRequestResponse
-
 /**
 * Models result of creating a new login approval request.
 */
@@ -18,7 +16,8 @@ sealed class CreateAuthRequestResult {
     */
    data class Success(
        val authRequest: AuthRequest,
-        val authRequestResponse: AuthRequestResponse,
+        val privateKey: String,
+        val accessCode: String,
    ) : CreateAuthRequestResult()

    /**
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/AuthRequestTypeExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/manager/util/AuthRequestTypeExtensions.kt
@@ -11,7 +11,7 @@ val AuthRequestType.isSso: Boolean
        AuthRequestType.OTHER_DEVICE -> false
        AuthRequestType.SSO_OTHER_DEVICE,
        AuthRequestType.SSO_ADMIN_APPROVAL,
-        -> true
+            -> true
    }

 /**
@@ -21,7 +21,7 @@ fun AuthRequestType.toAuthRequestTypeJson(): AuthRequestTypeJson =
    when (this) {
        AuthRequestType.OTHER_DEVICE,
        AuthRequestType.SSO_OTHER_DEVICE,
-        -> AuthRequestTypeJson.LOGIN_WITH_DEVICE
+            -> AuthRequestTypeJson.LOGIN_WITH_DEVICE

        AuthRequestType.SSO_ADMIN_APPROVAL -> AuthRequestTypeJson.ADMIN_APPROVAL
    }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepository.kt
@@ -28,6 +28,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.SwitchAccountResult
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePinResult
+import com.x8bit.bitwarden.data.auth.repository.model.VerifiedOrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifyOtpResult
 import com.x8bit.bitwarden.data.auth.repository.util.CaptchaCallbackTokenResult
 import com.x8bit.bitwarden.data.auth.repository.util.DuoCallbackTokenResult
@@ -212,6 +213,7 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
        password: String?,
        twoFactorData: TwoFactorDataModel,
        captchaToken: String?,
+        orgIdentifier: String?,
    ): LoginResult

    /**
@@ -328,6 +330,13 @@ interface AuthRepository : AuthenticatorProvider, AuthRequestManager {
        email: String,
    ): OrganizationDomainSsoDetailsResult

+    /**
+     * Get the verified organization domain SSO details for the given [email].
+     */
+    suspend fun getVerifiedOrganizationDomainSsoDetails(
+        email: String,
+    ): VerifiedOrganizationDomainSsoDetailsResult
+
    /**
     * Prevalidates the organization identifier used in an SSO request.
     */
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/AuthRepositoryImpl.kt
@@ -68,6 +68,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePasswordResult
 import com.x8bit.bitwarden.data.auth.repository.model.ValidatePinResult
 import com.x8bit.bitwarden.data.auth.repository.model.VaultUnlockType
+import com.x8bit.bitwarden.data.auth.repository.model.VerifiedOrganizationDomainSsoDetailsResult
 import com.x8bit.bitwarden.data.auth.repository.model.VerifyOtpResult
 import com.x8bit.bitwarden.data.auth.repository.model.toLoginErrorResult
 import com.x8bit.bitwarden.data.auth.repository.util.CaptchaCallbackTokenResult
@@ -92,15 +93,20 @@ import com.x8bit.bitwarden.data.auth.repository.util.userSwitchingChangesFlow
 import com.x8bit.bitwarden.data.auth.util.KdfParamsConstants.DEFAULT_PBKDF2_ITERATIONS
 import com.x8bit.bitwarden.data.auth.util.YubiKeyResult
 import com.x8bit.bitwarden.data.auth.util.toSdkParams
+import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
+import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
+import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
 import com.x8bit.bitwarden.data.platform.manager.model.FlagKey
 import com.x8bit.bitwarden.data.platform.manager.util.getActivePolicies
 import com.x8bit.bitwarden.data.platform.repository.EnvironmentRepository
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
 import com.x8bit.bitwarden.data.platform.repository.util.bufferedMutableSharedFlow
+import com.x8bit.bitwarden.data.platform.repository.util.toEnvironmentUrls
 import com.x8bit.bitwarden.data.platform.util.asFailure
 import com.x8bit.bitwarden.data.platform.util.asSuccess
 import com.x8bit.bitwarden.data.platform.util.flatMap
@@ -151,6 +157,7 @@ class AuthRepositoryImpl(
    private val authSdkSource: AuthSdkSource,
    private val vaultSdkSource: VaultSdkSource,
    private val authDiskSource: AuthDiskSource,
+    private val configDiskSource: ConfigDiskSource,
    private val environmentRepository: EnvironmentRepository,
    private val settingsRepository: SettingsRepository,
    private val vaultRepository: VaultRepository,
@@ -160,6 +167,8 @@ class AuthRepositoryImpl(
    private val userLogoutManager: UserLogoutManager,
    private val policyManager: PolicyManager,
    private val featureFlagManager: FeatureFlagManager,
+    firstTimeActionManager: FirstTimeActionManager,
+    logsManager: LogsManager,
    pushManager: PushManager,
    dispatcherManager: DispatcherManager,
 ) : AuthRepository,
@@ -254,6 +263,7 @@ class AuthRepositoryImpl(
        authDiskSource.userOrganizationsListFlow,
        authDiskSource.userKeyConnectorStateFlow,
        authDiskSource.onboardingStatusChangesFlow,
+        firstTimeActionManager.firstTimeStateFlow,
        vaultRepository.vaultUnlockDataStateFlow,
        mutableHasPendingAccountAdditionStateFlow,
        // Ignore the data in the merge, but trigger an update when they emit.
@@ -267,8 +277,9 @@ class AuthRepositoryImpl(
        val userOrganizationsList = array[2] as List<UserOrganizations>
        val userIsUsingKeyConnectorList = array[3] as List<UserKeyConnectorState>
        val onboardingStatus = array[4] as OnboardingStatus?
-        val vaultState = array[5] as List<VaultUnlockData>
-        val hasPendingAccountAddition = array[6] as Boolean
+        val firstTimeState = array[5] as FirstTimeState
+        val vaultState = array[6] as List<VaultUnlockData>
+        val hasPendingAccountAddition = array[7] as Boolean
        userStateJson?.toUserState(
            vaultState = vaultState,
            userAccountTokens = userAccountTokens,
@@ -279,6 +290,7 @@ class AuthRepositoryImpl(
            isBiometricsEnabledProvider = ::isBiometricsEnabled,
            vaultUnlockTypeProvider = ::getVaultUnlockType,
            isDeviceTrustedProvider = ::isDeviceTrusted,
+            firstTimeState = firstTimeState,
        )
    }
        .filterNot { mutableHasPendingAccountDeletionStateFlow.value }
@@ -298,6 +310,7 @@ class AuthRepositoryImpl(
                    isBiometricsEnabledProvider = ::isBiometricsEnabled,
                    vaultUnlockTypeProvider = ::getVaultUnlockType,
                    isDeviceTrustedProvider = ::isDeviceTrusted,
+                    firstTimeState = firstTimeActionManager.currentOrDefaultUserFirstTimeState,
                ),
        )

@@ -354,6 +367,24 @@ class AuthRepositoryImpl(
            featureFlagManager.getFeatureFlag(FlagKey.OnboardingCarousel)

    init {
+        combine(
+            mutableHasPendingAccountAdditionStateFlow,
+            authDiskSource.userStateFlow,
+            environmentRepository.environmentStateFlow,
+        ) { hasPendingAddition, userState, environment ->
+            logsManager.setUserData(
+                userId = userState?.activeUserId.takeUnless { hasPendingAddition },
+                environmentType = userState
+                    ?.activeAccount
+                    ?.settings
+                    ?.environmentUrlData
+                    ?.toEnvironmentUrls()
+                    ?.type
+                    .takeUnless { hasPendingAddition }
+                    ?: environment.type,
+            )
+        }
+            .launchIn(unconfinedScope)
        pushManager
            .syncOrgKeysFlow
            .onEach {
@@ -628,6 +659,7 @@ class AuthRepositoryImpl(
        password: String?,
        twoFactorData: TwoFactorDataModel,
        captchaToken: String?,
+        orgIdentifier: String?,
    ): LoginResult = identityTokenAuthModel
        ?.let {
            loginCommon(
@@ -637,6 +669,7 @@ class AuthRepositoryImpl(
                twoFactorData = twoFactorData,
                captchaToken = captchaToken ?: twoFactorResponse?.captchaToken,
                deviceData = twoFactorDeviceData,
+                orgIdentifier = orgIdentifier,
            )
        }
        ?: LoginResult.Error(errorMessage = null)
@@ -998,7 +1031,7 @@ class AuthRepositoryImpl(
            ForcePasswordResetReason.ADMIN_FORCE_PASSWORD_RESET,
            ForcePasswordResetReason.WEAK_MASTER_PASSWORD_ON_LOGIN,
            null,
-            -> {
+                -> {
                authSdkSource
                    .makeRegisterKeys(
                        email = activeAccount.profile.email,
@@ -1048,7 +1081,7 @@ class AuthRepositoryImpl(
                    is VaultUnlockResult.AuthenticationError,
                    VaultUnlockResult.InvalidStateError,
                    VaultUnlockResult.GenericError,
-                    -> {
+                        -> {
                        IllegalStateException("Failed to unlock vault").asFailure()
                    }
                }
@@ -1091,11 +1124,27 @@ class AuthRepositoryImpl(
                OrganizationDomainSsoDetailsResult.Success(
                    isSsoAvailable = it.isSsoAvailable,
                    organizationIdentifier = it.organizationIdentifier,
+                    verifiedDate = it.verifiedDate,
                )
            },
            onFailure = { OrganizationDomainSsoDetailsResult.Failure },
        )

+    override suspend fun getVerifiedOrganizationDomainSsoDetails(
+        email: String,
+    ): VerifiedOrganizationDomainSsoDetailsResult = organizationService
+        .getVerifiedOrganizationDomainSsoDetails(
+            email = email,
+        )
+        .fold(
+            onSuccess = {
+                VerifiedOrganizationDomainSsoDetailsResult.Success(
+                    verifiedOrganizationDomainSsoDetails = it.verifiedOrganizationDomainSsoDetails,
+                )
+            },
+            onFailure = { VerifiedOrganizationDomainSsoDetailsResult.Failure },
+        )
+
    override suspend fun prevalidateSso(
        organizationIdentifier: String,
    ): PrevalidateSsoResult = identityService
@@ -1253,7 +1302,7 @@ class AuthRepositoryImpl(
            .sendVerificationEmail(
                SendVerificationEmailRequestJson(
                    email = email,
-                    name = name,
+                    name = name.takeUnless { it.isBlank() },
                    receiveMarketingEmails = receiveMarketingEmails,
                ),
            )
@@ -1459,7 +1508,12 @@ class AuthRepositoryImpl(
            captchaToken = captchaToken,
        )
        .fold(
-            onFailure = { LoginResult.Error(errorMessage = null) },
+            onFailure = {
+                when (configDiskSource.serverConfig?.isOfficialBitwardenServer) {
+                    false -> LoginResult.UnofficialServerError
+                    else -> LoginResult.Error(errorMessage = null)
+                }
+            },
            onSuccess = { loginResponse ->
                when (loginResponse) {
                    is GetTokenResponseJson.CaptchaRequired -> LoginResult.CaptchaRequired(
@@ -1482,7 +1536,7 @@ class AuthRepositoryImpl(
                    )

                    is GetTokenResponseJson.Invalid -> LoginResult.Error(
-                        errorMessage = loginResponse.errorModel.errorMessage,
+                        errorMessage = loginResponse.errorMessage,
                    )
                }
            },
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/di/AuthRepositoryModule.kt
@@ -13,7 +13,10 @@ import com.x8bit.bitwarden.data.auth.manager.TrustedDeviceManager
 import com.x8bit.bitwarden.data.auth.manager.UserLogoutManager
 import com.x8bit.bitwarden.data.auth.repository.AuthRepository
 import com.x8bit.bitwarden.data.auth.repository.AuthRepositoryImpl
+import com.x8bit.bitwarden.data.platform.datasource.disk.ConfigDiskSource
 import com.x8bit.bitwarden.data.platform.manager.FeatureFlagManager
+import com.x8bit.bitwarden.data.platform.manager.FirstTimeActionManager
+import com.x8bit.bitwarden.data.platform.manager.LogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.PushManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
@@ -45,6 +48,7 @@ object AuthRepositoryModule {
        authSdkSource: AuthSdkSource,
        vaultSdkSource: VaultSdkSource,
        authDiskSource: AuthDiskSource,
+        configDiskSource: ConfigDiskSource,
        dispatcherManager: DispatcherManager,
        environmentRepository: EnvironmentRepository,
        settingsRepository: SettingsRepository,
@@ -56,6 +60,8 @@ object AuthRepositoryModule {
        pushManager: PushManager,
        policyManager: PolicyManager,
        featureFlagManager: FeatureFlagManager,
+        firstTimeActionManager: FirstTimeActionManager,
+        logsManager: LogsManager,
    ): AuthRepository = AuthRepositoryImpl(
        accountsService = accountsService,
        devicesService = devicesService,
@@ -64,6 +70,7 @@ object AuthRepositoryModule {
        authSdkSource = authSdkSource,
        vaultSdkSource = vaultSdkSource,
        authDiskSource = authDiskSource,
+        configDiskSource = configDiskSource,
        haveIBeenPwnedService = haveIBeenPwnedService,
        dispatcherManager = dispatcherManager,
        environmentRepository = environmentRepository,
@@ -76,5 +83,7 @@ object AuthRepositoryModule {
        pushManager = pushManager,
        policyManager = policyManager,
        featureFlagManager = featureFlagManager,
+        firstTimeActionManager = firstTimeActionManager,
+        logsManager = logsManager,
    )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResult.kt
@@ -23,4 +23,9 @@ sealed class LoginResult {
     * There was an error logging in.
     */
    data class Error(val errorMessage: String?) : LoginResult()
+
+    /**
+     * There was an error while logging into an unofficial Bitwarden server.
+     */
+    data object UnofficialServerError : LoginResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResultExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/LoginResultExtensions.kt
@@ -11,5 +11,5 @@ fun VaultUnlockError.toLoginErrorResult(): LoginResult.Error = when (this) {
    is VaultUnlockResult.AuthenticationError -> LoginResult.Error(this.message)
    VaultUnlockResult.GenericError,
    VaultUnlockResult.InvalidStateError,
-    -> LoginResult.Error(errorMessage = null)
+        -> LoginResult.Error(errorMessage = null)
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/OrganizationDomainSsoDetailsResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/OrganizationDomainSsoDetailsResult.kt
@@ -1,5 +1,7 @@
 package com.x8bit.bitwarden.data.auth.repository.model

+import java.time.ZonedDateTime
+
 /**
 * Response types when checking for an email's claimed domain organization.
 */
@@ -9,10 +11,12 @@ sealed class OrganizationDomainSsoDetailsResult {
     *
     * @property isSsoAvailable Indicates if SSO is available for the email address.
     * @property organizationIdentifier The claimed organization identifier for the email address.
+     * @property verifiedDate The date and time when the domain was verified.
     */
    data class Success(
        val isSsoAvailable: Boolean,
        val organizationIdentifier: String,
+        val verifiedDate: ZonedDateTime?,
    ) : OrganizationDomainSsoDetailsResult()

    /**
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PolicyInformation.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/PolicyInformation.kt
@@ -1,6 +1,5 @@
 package com.x8bit.bitwarden.data.auth.repository.model

-import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
 import kotlinx.serialization.SerialName
 import kotlinx.serialization.Serializable

--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/UserState.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.auth.repository.model

 import com.x8bit.bitwarden.data.auth.datasource.disk.model.OnboardingStatus
 import com.x8bit.bitwarden.data.auth.repository.model.UserState.Account
+import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
 import com.x8bit.bitwarden.data.platform.repository.model.Environment

 /**
@@ -29,6 +30,9 @@ data class UserState(
    val activeAccount: Account
        get() = accounts.first { it.userId == activeUserId }

+    val activeUserFirstTimeState: FirstTimeState
+        get() = activeAccount.firstTimeState
+
    /**
     * Basic account information about a given user.
     *
@@ -71,6 +75,7 @@ data class UserState(
        val vaultUnlockType: VaultUnlockType = VaultUnlockType.MASTER_PASSWORD,
        val isUsingKeyConnector: Boolean,
        val onboardingStatus: OnboardingStatus,
+        val firstTimeState: FirstTimeState,
    ) {
        /**
         * Indicates that the user does or does not have a means to manually unlock the vault.
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/VerifiedOrganizationDomainSsoDetailsResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/model/VerifiedOrganizationDomainSsoDetailsResult.kt
@@ -0,0 +1,22 @@
+package com.x8bit.bitwarden.data.auth.repository.model
+
+import com.x8bit.bitwarden.data.auth.datasource.network.model.VerifiedOrganizationDomainSsoDetailsResponse.VerifiedOrganizationDomainSsoDetail
+
+/**
+ * Response types when checking for an email's claimed domain organization.
+ */
+sealed class VerifiedOrganizationDomainSsoDetailsResult {
+    /**
+     * The request was successful.
+     *
+     * @property verifiedOrganizationDomainSsoDetails The verified organization domain SSO details.
+     */
+    data class Success(
+        val verifiedOrganizationDomainSsoDetails: List<VerifiedOrganizationDomainSsoDetail>,
+    ) : VerifiedOrganizationDomainSsoDetailsResult()
+
+    /**
+     * The request failed.
+     */
+    data object Failure : VerifiedOrganizationDomainSsoDetailsResult()
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/AuthDiskSourceExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/AuthDiskSourceExtensions.kt
@@ -176,13 +176,16 @@ val AuthDiskSource.activeUserIdChangesFlow: Flow<String?>
@OptIn(ExperimentalCoroutinesApi::class)
 val AuthDiskSource.onboardingStatusChangesFlow: Flow<OnboardingStatus?>
    get() = activeUserIdChangesFlow
-            .flatMapLatest { activeUserId ->
-                activeUserId
-                    ?.let { this.getOnboardingStatusFlow(userId = it) }
-                    ?: flowOf(null)
-            }
-            .distinctUntilChanged()
+        .flatMapLatest { activeUserId ->
+            activeUserId
+                ?.let { this.getOnboardingStatusFlow(userId = it) }
+                ?: flowOf(null)
+        }
+        .distinctUntilChanged()

+/**
+ * Returns the current [OnboardingStatus] of the active user.
+ */
 val AuthDiskSource.currentOnboardingStatus: OnboardingStatus?
    get() = this
        .userState
--- a/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/auth/repository/util/UserStateJsonExtensions.kt
@@ -8,6 +8,7 @@ import com.x8bit.bitwarden.data.auth.repository.model.UserKeyConnectorState
 import com.x8bit.bitwarden.data.auth.repository.model.UserOrganizations
 import com.x8bit.bitwarden.data.auth.repository.model.UserState
 import com.x8bit.bitwarden.data.auth.repository.model.VaultUnlockType
+import com.x8bit.bitwarden.data.platform.manager.model.FirstTimeState
 import com.x8bit.bitwarden.data.platform.repository.util.toEnvironmentUrlsOrDefault
 import com.x8bit.bitwarden.data.vault.datasource.network.model.OrganizationType
 import com.x8bit.bitwarden.data.vault.datasource.network.model.SyncResponseJson
@@ -111,6 +112,7 @@ fun UserStateJson.toUserState(
    userIsUsingKeyConnectorList: List<UserKeyConnectorState>,
    hasPendingAccountAddition: Boolean,
    onboardingStatus: OnboardingStatus?,
+    firstTimeState: FirstTimeState,
    isBiometricsEnabledProvider: (userId: String) -> Boolean,
    vaultUnlockTypeProvider: (userId: String) -> VaultUnlockType,
    isDeviceTrustedProvider: (userId: String) -> Boolean,
@@ -137,9 +139,6 @@ fun UserStateJson.toUserState(
                        it.role == OrganizationType.ADMIN ||
                        it.shouldManageResetPassword
                }
-                val needsMasterPassword = decryptionOptions?.hasMasterPassword == false &&
-                    hasManageResetPasswordPermission &&
-                    keyConnectorOptions == null
                val trustedDevice = trustedDeviceOptions?.let {
                    UserState.TrustedDevice(
                        isDeviceTrusted = isDeviceTrustedProvider(userId),
@@ -148,7 +147,14 @@ fun UserStateJson.toUserState(
                        hasResetPasswordPermission = it.hasManageResetPasswordPermission,
                    )
                }
-
+                // If a user does not have a Master Password we want to check if they have another
+                // method for unlocking the vault. In the case of a TDE user we check if they
+                // have the reset password permission via their organization(S). If the user does
+                // not belong to a TDE or we check to see if they user key connector.
+                val tdeUserNeedsMasterPassword =
+                    hasManageResetPasswordPermission.takeIf { trustedDevice != null }
+                val needsMasterPassword = decryptionOptions?.hasMasterPassword == false &&
+                    (tdeUserNeedsMasterPassword ?: (keyConnectorOptions == null))
                UserState.Account(
                    userId = userId,
                    name = profile.name,
@@ -176,6 +182,7 @@ fun UserStateJson.toUserState(
                    // If the user exists with no onboarding status we can assume they have been
                    // using the app prior to the release of the onboarding flow.
                    onboardingStatus = onboardingStatus ?: OnboardingStatus.COMPLETE,
+                    firstTimeState = firstTimeState,
                )
            },
        hasPendingAccountAddition = hasPendingAccountAddition,
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/BitwardenAccessibilityService.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/BitwardenAccessibilityService.kt
@@ -22,8 +22,7 @@ class BitwardenAccessibilityService : AccessibilityService() {
    lateinit var processor: BitwardenAccessibilityProcessor

    override fun onAccessibilityEvent(event: AccessibilityEvent) {
-        if (rootInActiveWindow?.packageName != event.packageName) return
-        processor.processAccessibilityEvent(rootAccessibilityNodeInfo = rootInActiveWindow)
+        processor.processAccessibilityEvent(event = event) { rootInActiveWindow }
    }

    override fun onInterrupt() = Unit
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/di/ActivityAccessibilityModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/di/ActivityAccessibilityModule.kt
@@ -5,7 +5,7 @@ import androidx.lifecycle.LifecycleCoroutineScope
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityActivityManager
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityActivityManagerImpl
 import com.x8bit.bitwarden.data.autofill.accessibility.manager.AccessibilityEnabledManager
-import com.x8bit.bitwarden.data.platform.manager.AppForegroundManager
+import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
@@ -24,13 +24,13 @@ object ActivityAccessibilityModule {
    fun providesAccessibilityActivityManager(
        @ApplicationContext context: Context,
        accessibilityEnabledManager: AccessibilityEnabledManager,
-        appForegroundManager: AppForegroundManager,
+        appStateManager: AppStateManager,
        lifecycleScope: LifecycleCoroutineScope,
    ): AccessibilityActivityManager =
        AccessibilityActivityManagerImpl(
            context = context,
            accessibilityEnabledManager = accessibilityEnabledManager,
-            appForegroundManager = appForegroundManager,
+            appStateManager = appStateManager,
            lifecycleScope = lifecycleScope,
        )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityActivityManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityActivityManagerImpl.kt
@@ -3,7 +3,7 @@ package com.x8bit.bitwarden.data.autofill.accessibility.manager
 import android.content.Context
 import androidx.lifecycle.LifecycleCoroutineScope
 import com.x8bit.bitwarden.data.autofill.accessibility.util.isAccessibilityServiceEnabled
-import com.x8bit.bitwarden.data.platform.manager.AppForegroundManager
+import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach

@@ -13,11 +13,11 @@ import kotlinx.coroutines.flow.onEach
 class AccessibilityActivityManagerImpl(
    private val context: Context,
    private val accessibilityEnabledManager: AccessibilityEnabledManager,
-    appForegroundManager: AppForegroundManager,
+    appStateManager: AppStateManager,
    lifecycleScope: LifecycleCoroutineScope,
 ) : AccessibilityActivityManager {
    init {
-        appForegroundManager
+        appStateManager
            .appForegroundStateFlow
            .onEach {
                accessibilityEnabledManager.isAccessibilityEnabled =
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityCompletionManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityCompletionManagerImpl.kt
@@ -26,18 +26,18 @@ class AccessibilityCompletionManagerImpl(
            .intent
            ?.getAutofillSelectionDataOrNull()
            ?: run {
-                activity.finish()
+                activity.finishAndRemoveTask()
                return
            }
        if (autofillSelectionData.framework != AutofillSelectionData.Framework.ACCESSIBILITY) {
-            activity.finish()
+            activity.finishAndRemoveTask()
            return
        }
        val uri = autofillSelectionData
            .uri
            ?.toUriOrNull()
            ?: run {
-                activity.finish()
+                activity.finishAndRemoveTask()
                return
            }

@@ -47,7 +47,7 @@ class AccessibilityCompletionManagerImpl(
        )
        mainScope.launch {
            totpManager.tryCopyTotpToClipboard(cipherView = cipherView)
-            activity.finish()
        }
+        activity.finishAndRemoveTask()
    }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityNodeInfoManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/manager/AccessibilityNodeInfoManagerImpl.kt
@@ -1,11 +1,10 @@
 package com.x8bit.bitwarden.data.autofill.accessibility.manager

 import android.net.Uri
-import android.util.Log
 import android.view.accessibility.AccessibilityNodeInfo
-import com.x8bit.bitwarden.BuildConfig
 import com.x8bit.bitwarden.data.autofill.accessibility.util.getKnownUsernameFieldNull
 import com.x8bit.bitwarden.data.autofill.accessibility.util.isUsername
+import timber.log.Timber

 private const val MAX_NODE_COUNT: Int = 100

@@ -90,7 +89,6 @@ class AccessibilityNodeInfoManagerImpl : AccessibilityNodeInfoManager {
            ?.let { allNodes.getOrNull(index = allNodes.indexOf(element = it) - 1) }

    private fun log(message: String) {
-        if (!BuildConfig.DEBUG) return
-        Log.i("AccessibilityNodeInfoManager", message)
+        Timber.i(message)
    }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessor.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessor.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.autofill.accessibility.processor

+import android.view.accessibility.AccessibilityEvent
 import android.view.accessibility.AccessibilityNodeInfo

 /**
@@ -7,7 +8,12 @@ import android.view.accessibility.AccessibilityNodeInfo
 */
 interface BitwardenAccessibilityProcessor {
    /**
-     * Processes the [AccessibilityNodeInfo] for autofill options.
+     * Processes the [AccessibilityEvent] for autofill options and grant access to the current
+     * [AccessibilityNodeInfo] via the [rootAccessibilityNodeInfoProvider] (note that calling the
+     * `rootAccessibilityNodeInfoProvider` is expensive).
     */
-    fun processAccessibilityEvent(rootAccessibilityNodeInfo: AccessibilityNodeInfo?)
+    fun processAccessibilityEvent(
+        event: AccessibilityEvent,
+        rootAccessibilityNodeInfoProvider: () -> AccessibilityNodeInfo?,
+    )
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessorImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/accessibility/processor/BitwardenAccessibilityProcessorImpl.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.autofill.accessibility.processor

 import android.content.Context
 import android.os.PowerManager
+import android.view.accessibility.AccessibilityEvent
 import android.view.accessibility.AccessibilityNodeInfo
 import android.widget.Toast
 import com.x8bit.bitwarden.R
@@ -25,15 +26,18 @@ class BitwardenAccessibilityProcessorImpl(
    private val launcherPackageNameManager: LauncherPackageNameManager,
    private val powerManager: PowerManager,
 ) : BitwardenAccessibilityProcessor {
-    override fun processAccessibilityEvent(rootAccessibilityNodeInfo: AccessibilityNodeInfo?) {
-        val rootNode = rootAccessibilityNodeInfo ?: return
+    override fun processAccessibilityEvent(
+        event: AccessibilityEvent,
+        rootAccessibilityNodeInfoProvider: () -> AccessibilityNodeInfo?,
+    ) {
+        val eventNode = event.source ?: return
        // Ignore the event when the phone is inactive
        if (!powerManager.isInteractive) return
        // We skip if the system package
-        if (rootNode.isSystemPackage) return
+        if (eventNode.isSystemPackage) return
        // We skip any package that is a launcher or unsupported
-        if (rootNode.shouldSkipPackage ||
-            launcherPackageNameManager.launcherPackages.any { it == rootNode.packageName }
+        if (eventNode.shouldSkipPackage ||
+            launcherPackageNameManager.launcherPackages.any { it == eventNode.packageName }
        ) {
            // Clear the action since this event needs to be ignored completely
            accessibilityAutofillManager.accessibilityAction = null
@@ -42,14 +46,19 @@ class BitwardenAccessibilityProcessorImpl(

        // Only process the event if the tile was clicked
        val accessibilityAction = accessibilityAutofillManager.accessibilityAction ?: return
+        // We only call for the root node once after all other checks
+        // have passed because it is significant performance hit
+        if (rootAccessibilityNodeInfoProvider()?.packageName != event.packageName) return
+
+        // Clear the action since we are now acting on it
        accessibilityAutofillManager.accessibilityAction = null

        when (accessibilityAction) {
            is AccessibilityAction.AttemptFill -> {
-                handleAttemptFill(rootNode = rootNode, attemptFill = accessibilityAction)
+                handleAttemptFill(rootNode = eventNode, attemptFill = accessibilityAction)
            }

-            AccessibilityAction.AttemptParseUri -> handleAttemptParseUri(rootNode = rootNode)
+            AccessibilityAction.AttemptParseUri -> handleAttemptParseUri(rootNode = eventNode)
        }
    }

--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/di/ActivityAutofillModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/di/ActivityAutofillModule.kt
@@ -8,7 +8,7 @@ import androidx.lifecycle.lifecycleScope
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManager
 import com.x8bit.bitwarden.data.autofill.manager.AutofillActivityManagerImpl
 import com.x8bit.bitwarden.data.autofill.manager.AutofillEnabledManager
-import com.x8bit.bitwarden.data.platform.manager.AppForegroundManager
+import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
@@ -27,13 +27,13 @@ object ActivityAutofillModule {
    @Provides
    fun provideAutofillActivityManager(
        @ActivityScopedManager autofillManager: AutofillManager,
-        appForegroundManager: AppForegroundManager,
+        appStateManager: AppStateManager,
        autofillEnabledManager: AutofillEnabledManager,
        lifecycleScope: LifecycleCoroutineScope,
    ): AutofillActivityManager =
        AutofillActivityManagerImpl(
            autofillManager = autofillManager,
-            appForegroundManager = appForegroundManager,
+            appStateManager = appStateManager,
            autofillEnabledManager = autofillEnabledManager,
            lifecycleScope = lifecycleScope,
        )
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/di/AutofillModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/di/AutofillModule.kt
@@ -21,7 +21,6 @@ import com.x8bit.bitwarden.data.autofill.processor.AutofillProcessor
 import com.x8bit.bitwarden.data.autofill.processor.AutofillProcessorImpl
 import com.x8bit.bitwarden.data.autofill.provider.AutofillCipherProvider
 import com.x8bit.bitwarden.data.autofill.provider.AutofillCipherProviderImpl
-import com.x8bit.bitwarden.data.platform.manager.CrashLogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.ciphermatching.CipherMatchingManager
 import com.x8bit.bitwarden.data.platform.manager.clipboard.BitwardenClipboardManager
@@ -121,7 +120,6 @@ object AutofillModule {
        policyManager: PolicyManager,
        saveInfoBuilder: SaveInfoBuilder,
        settingsRepository: SettingsRepository,
-        crashLogsManager: CrashLogsManager,
    ): AutofillProcessor =
        AutofillProcessorImpl(
            dispatcherManager = dispatcherManager,
@@ -131,7 +129,6 @@ object AutofillModule {
            policyManager = policyManager,
            saveInfoBuilder = saveInfoBuilder,
            settingsRepository = settingsRepository,
-            crashLogsManager = crashLogsManager,
        )

    @Singleton
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/api/DigitalAssetLinkApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/api/DigitalAssetLinkApi.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.autofill.fido2.datasource.network.api

 import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.model.DigitalAssetLinkResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.GET
 import retrofit2.http.Url

@@ -15,5 +16,5 @@ interface DigitalAssetLinkApi {
    @GET
    suspend fun getDigitalAssetLinks(
        @Url url: String,
-    ): Result<List<DigitalAssetLinkResponseJson>>
+    ): NetworkResult<List<DigitalAssetLinkResponseJson>>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/service/DigitalAssetLinkServiceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/service/DigitalAssetLinkServiceImpl.kt
@@ -2,6 +2,7 @@ package com.x8bit.bitwarden.data.autofill.fido2.datasource.network.service

 import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.api.DigitalAssetLinkApi
 import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.model.DigitalAssetLinkResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.util.toResult

 /**
 * Primary implementation of [DigitalAssetLinkService].
@@ -18,4 +19,5 @@ class DigitalAssetLinkServiceImpl(
            .getDigitalAssetLinks(
                url = "$scheme$relyingParty/.well-known/assetlinks.json",
            )
+            .toResult()
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManagerImpl.kt
@@ -2,6 +2,8 @@ package com.x8bit.bitwarden.data.autofill.fido2.manager

 import androidx.credentials.provider.CallingAppInfo
 import com.bitwarden.fido.ClientData
+import com.bitwarden.fido.Origin
+import com.bitwarden.fido.UnverifiedAssetLink
 import com.bitwarden.sdk.Fido2CredentialStore
 import com.bitwarden.vault.CipherView
 import com.x8bit.bitwarden.data.autofill.fido2.datasource.network.model.DigitalAssetLinkResponseJson
@@ -24,11 +26,13 @@ import com.x8bit.bitwarden.data.vault.datasource.sdk.model.AuthenticateFido2Cred
 import com.x8bit.bitwarden.data.vault.datasource.sdk.model.RegisterFido2CredentialRequest
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidAttestationResponse
 import com.x8bit.bitwarden.data.vault.datasource.sdk.util.toAndroidFido2PublicKeyCredential
+import com.x8bit.bitwarden.ui.platform.base.util.toHostOrPathOrNull
 import kotlinx.serialization.SerializationException
 import kotlinx.serialization.encodeToString
 import kotlinx.serialization.json.Json

-private const val ALLOW_LIST_FILE_NAME = "fido2_privileged_allow_list.json"
+private const val GOOGLE_ALLOW_LIST_FILE_NAME = "fido2_privileged_google.json"
+private const val COMMUNITY_ALLOW_LIST_FILE_NAME = "fido2_privileged_community.json"

 /**
 * Primary implementation of [Fido2CredentialManager].
@@ -65,11 +69,23 @@ class Fido2CredentialManagerImpl(
                    .packageName,
            )
        }
-        val origin = fido2CredentialRequest
+        val assetLinkUrl = fido2CredentialRequest
            .origin
            ?: getOriginUrlFromAttestationOptionsOrNull(fido2CredentialRequest.requestJson)
            ?: return Fido2RegisterCredentialResult.Error

+        val origin = Origin.Android(
+            UnverifiedAssetLink(
+                packageName = fido2CredentialRequest.packageName,
+                sha256CertFingerprint = fido2CredentialRequest
+                    .callingAppInfo
+                    .getSignatureFingerprintAsHexString()
+                    ?: return Fido2RegisterCredentialResult.Error,
+                host = assetLinkUrl.toHostOrPathOrNull()
+                    ?: return Fido2RegisterCredentialResult.Error,
+                assetLinkUrl = assetLinkUrl,
+            ),
+        )
        return vaultSdkSource
            .registerFido2Credential(
                request = RegisterFido2CredentialRequest(
@@ -157,7 +173,16 @@ class Fido2CredentialManagerImpl(
                    .authenticateFido2Credential(
                        request = AuthenticateFido2CredentialRequest(
                            userId = userId,
-                            origin = origin,
+                            origin = Origin.Android(
+                                UnverifiedAssetLink(
+                                    callingAppInfo.packageName,
+                                    callingAppInfo.getSignatureFingerprintAsHexString()
+                                        ?: return Fido2CredentialAssertionResult.Error,
+                                    origin.toHostOrPathOrNull()
+                                        ?: return Fido2CredentialAssertionResult.Error,
+                                    origin,
+                                ),
+                            ),
                            requestJson = """{"publicKey": ${request.requestJson}}""",
                            clientData = clientData,
                            selectedCipherView = selectedCipherView,
@@ -179,7 +204,8 @@ class Fido2CredentialManagerImpl(
        callingAppInfo: CallingAppInfo,
        relyingPartyId: String,
    ): Fido2ValidateOriginResult {
-        return digitalAssetLinkService.getDigitalAssetLinkForRp(relyingParty = relyingPartyId)
+        return digitalAssetLinkService
+            .getDigitalAssetLinkForRp(relyingParty = relyingPartyId)
            .onFailure {
                return Fido2ValidateOriginResult.Error.AssetLinkNotFound
            }
@@ -191,7 +217,8 @@ class Fido2CredentialManagerImpl(
                    ?: return Fido2ValidateOriginResult.Error.ApplicationNotFound
            }
            .map { matchingStatements ->
-                callingAppInfo.getSignatureFingerprintAsHexString()
+                callingAppInfo
+                    .getSignatureFingerprintAsHexString()
                    ?.let { certificateFingerprint ->
                        matchingStatements
                            .filterMatchingAppSignaturesOrNull(
@@ -212,9 +239,46 @@ class Fido2CredentialManagerImpl(

    private suspend fun validatePrivilegedAppOrigin(
        callingAppInfo: CallingAppInfo,
+    ): Fido2ValidateOriginResult {
+        val googleAllowListResult =
+            validatePrivilegedAppSignatureWithGoogleList(callingAppInfo)
+        return when (googleAllowListResult) {
+            is Fido2ValidateOriginResult.Success -> {
+                // Application was found and successfully validated against the Google allow list so
+                // we can return the result as the final validation result.
+                googleAllowListResult
+            }
+
+            is Fido2ValidateOriginResult.Error -> {
+                // Check the community allow list if the Google allow list failed, and return the
+                // result as the final validation result.
+                validatePrivilegedAppSignatureWithCommunityList(callingAppInfo)
+            }
+        }
+    }
+
+    private suspend fun validatePrivilegedAppSignatureWithGoogleList(
+        callingAppInfo: CallingAppInfo,
+    ): Fido2ValidateOriginResult =
+        validatePrivilegedAppSignatureWithAllowList(
+            callingAppInfo = callingAppInfo,
+            fileName = GOOGLE_ALLOW_LIST_FILE_NAME,
+        )
+
+    private suspend fun validatePrivilegedAppSignatureWithCommunityList(
+        callingAppInfo: CallingAppInfo,
+    ): Fido2ValidateOriginResult =
+        validatePrivilegedAppSignatureWithAllowList(
+            callingAppInfo = callingAppInfo,
+            fileName = COMMUNITY_ALLOW_LIST_FILE_NAME,
+        )
+
+    private suspend fun validatePrivilegedAppSignatureWithAllowList(
+        callingAppInfo: CallingAppInfo,
+        fileName: String,
    ): Fido2ValidateOriginResult =
        assetManager
-            .readAsset(ALLOW_LIST_FILE_NAME)
+            .readAsset(fileName)
            .map { allowList ->
                callingAppInfo.validatePrivilegedApp(
                    allowList = allowList,
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CredentialAssertionRequest.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CredentialAssertionRequest.kt
@@ -10,6 +10,7 @@ import kotlinx.parcelize.Parcelize
 */
@Parcelize
 data class Fido2CredentialAssertionRequest(
+    val userId: String,
    val cipherId: String?,
    val credentialId: String?,
    val requestJson: String,
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsRequest.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsRequest.kt
@@ -14,6 +14,7 @@ import kotlinx.parcelize.Parcelize
 data class Fido2GetCredentialsRequest(
    val candidateQueryData: Bundle,
    val id: String,
+    val userId: String,
    val requestJson: String,
    val clientDataHash: ByteArray? = null,
    val packageName: String,
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsResult.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2GetCredentialsResult.kt
@@ -10,11 +10,13 @@ sealed class Fido2GetCredentialsResult {
    /**
     * Indicates credentials were successfully queried.
     *
+     * @param userId ID of the user whose credentials were queried.
     * @param options Original request options provided by the relying party.
     * @param credentials Collection of [Fido2CredentialAutofillView]s matching the original request
     * parameters. This may be an empty list if no matching values were found.
     */
    data class Success(
+        val userId: String,
        val options: BeginGetPublicKeyCredentialOption,
        val credentials: List<Fido2CredentialAutofillView>,
    ) : Fido2GetCredentialsResult()
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/processor/Fido2ProviderProcessorImpl.kt
@@ -161,6 +161,7 @@ class Fido2ProviderProcessorImpl(
                title = context.getString(R.string.unlock),
                pendingIntent = intentManager.createFido2UnlockPendingIntent(
                    action = UNLOCK_ACCOUNT_INTENT,
+                    userId = userState.activeUserId,
                    requestCode = requestCode.getAndIncrement(),
                ),
            )
@@ -209,13 +210,14 @@ class Fido2ProviderProcessorImpl(
                        .getPasskeyAssertionOptionsOrNull(requestJson = option.requestJson)
                        ?.relyingPartyId
                        ?: throw GetCredentialUnknownException("Invalid data.")
-                    buildCredentialEntries(relyingPartyId, option)
+                    buildCredentialEntries(userId, relyingPartyId, option)
                } else {
                    throw GetCredentialUnsupportedException("Unsupported option.")
                }
            }

    private suspend fun buildCredentialEntries(
+        userId: String,
        relyingPartyId: String,
        option: BeginGetPublicKeyCredentialOption,
    ): List<CredentialEntry> {
@@ -236,12 +238,16 @@ class Fido2ProviderProcessorImpl(
                result
                    .fido2CredentialAutofillViews
                    .filter { it.rpId == relyingPartyId }
-                    .toCredentialEntries(option)
+                    .toCredentialEntries(
+                        userId = userId,
+                        option = option,
+                    )
            }
        }
    }

    private fun List<Fido2CredentialAutofillView>.toCredentialEntries(
+        userId: String,
        option: BeginGetPublicKeyCredentialOption,
    ): List<CredentialEntry> =
        this
@@ -253,6 +259,7 @@ class Fido2ProviderProcessorImpl(
                        pendingIntent = intentManager
                            .createFido2GetCredentialPendingIntent(
                                action = GET_PASSKEY_INTENT,
+                                userId = userId,
                                credentialId = it.credentialId.toString(),
                                cipherId = it.cipherId,
                                requestCode = requestCode.getAndIncrement(),
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/util/Fido2IntentUtils.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/util/Fido2IntentUtils.kt
@@ -64,7 +64,11 @@ fun Intent.getFido2AssertionRequestOrNull(): Fido2CredentialAssertionRequest? {
    val cipherId = getStringExtra(EXTRA_KEY_CIPHER_ID)
        ?: return null

+    val userId: String = getStringExtra(EXTRA_KEY_USER_ID)
+        ?: return null
+
    return Fido2CredentialAssertionRequest(
+        userId = userId,
        cipherId = cipherId,
        credentialId = credentialId,
        requestJson = option.requestJson,
@@ -95,9 +99,13 @@ fun Intent.getFido2GetCredentialsRequestOrNull(): Fido2GetCredentialsRequest? {
        .callingAppInfo
        ?: return null

+    val userId: String = getStringExtra(EXTRA_KEY_USER_ID)
+        ?: return null
+
    return Fido2GetCredentialsRequest(
        candidateQueryData = option.candidateQueryData,
        id = option.id,
+        userId = userId,
        requestJson = option.requestJson,
        clientDataHash = option.clientDataHash,
        packageName = callingAppInfo.packageName,
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/AutofillActivityManagerImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/manager/AutofillActivityManagerImpl.kt
@@ -2,7 +2,7 @@ package com.x8bit.bitwarden.data.autofill.manager

 import android.view.autofill.AutofillManager
 import androidx.lifecycle.LifecycleCoroutineScope
-import com.x8bit.bitwarden.data.platform.manager.AppForegroundManager
+import com.x8bit.bitwarden.data.platform.manager.AppStateManager
 import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.onEach

@@ -12,7 +12,7 @@ import kotlinx.coroutines.flow.onEach
 class AutofillActivityManagerImpl(
    private val autofillManager: AutofillManager,
    private val autofillEnabledManager: AutofillEnabledManager,
-    appForegroundManager: AppForegroundManager,
+    appStateManager: AppStateManager,
    lifecycleScope: LifecycleCoroutineScope,
 ) : AutofillActivityManager {
    private val isAutofillEnabledAndSupported: Boolean
@@ -21,7 +21,7 @@ class AutofillActivityManagerImpl(
            autofillManager.isAutofillSupported

    init {
-        appForegroundManager
+        appStateManager
            .appForegroundStateFlow
            .onEach { autofillEnabledManager.isAutofillEnabled = isAutofillEnabledAndSupported }
            .launchIn(lifecycleScope)
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/model/AutofillCipher.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/model/AutofillCipher.kt
@@ -48,7 +48,7 @@ sealed class AutofillCipher {
        val number: String,
    ) : AutofillCipher() {
        override val iconRes: Int
-            @DrawableRes get() = R.drawable.ic_card_item
+            @DrawableRes get() = R.drawable.ic_payment_card

        override val isTotpEnabled: Boolean
            get() = false
@@ -67,6 +67,6 @@ sealed class AutofillCipher {
        val username: String,
    ) : AutofillCipher() {
        override val iconRes: Int
-            @DrawableRes get() = R.drawable.ic_login_item
+            @DrawableRes get() = R.drawable.ic_globe
    }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/processor/AutofillProcessorImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/processor/AutofillProcessorImpl.kt
@@ -13,7 +13,6 @@ import com.x8bit.bitwarden.data.autofill.model.AutofillRequest
 import com.x8bit.bitwarden.data.autofill.parser.AutofillParser
 import com.x8bit.bitwarden.data.autofill.util.createAutofillSavedItemIntentSender
 import com.x8bit.bitwarden.data.autofill.util.toAutofillSaveItem
-import com.x8bit.bitwarden.data.platform.manager.CrashLogsManager
 import com.x8bit.bitwarden.data.platform.manager.PolicyManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
@@ -21,6 +20,7 @@ import com.x8bit.bitwarden.data.vault.datasource.network.model.PolicyTypeJson
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Job
 import kotlinx.coroutines.launch
+import timber.log.Timber

 /**
 * The default implementation of [AutofillProcessor]. Its purpose is to handle autofill related
@@ -35,7 +35,6 @@ class AutofillProcessorImpl(
    private val parser: AutofillParser,
    private val saveInfoBuilder: SaveInfoBuilder,
    private val settingsRepository: SettingsRepository,
-    private val crashLogsManager: CrashLogsManager,
 ) : AutofillProcessor {

    /**
@@ -146,7 +145,7 @@ class AutofillProcessorImpl(
                } catch (e: RuntimeException) {
                    // This is to catch any TransactionTooLargeExceptions that could occur here.
                    // These exceptions get wrapped as a RuntimeException.
-                    crashLogsManager.trackNonFatalException(e)
+                    Timber.e(e, "Autofill Error")
                }
            }

--- a/app/src/main/java/com/x8bit/bitwarden/data/autofill/util/AutofillIntentUtils.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/autofill/util/AutofillIntentUtils.kt
@@ -38,7 +38,7 @@ fun createAutofillSelectionIntent(
        .apply {
            // This helps prevent a crash when using the accessibility framework
            if (framework == AutofillSelectionData.Framework.ACCESSIBILITY) {
-                setFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+                setFlags(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_REORDER_TO_FRONT)
            }
            putExtra(
                AUTOFILL_BUNDLE_KEY,
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSource.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSource.kt
@@ -68,6 +68,12 @@ interface SettingsDiskSource {
     */
    val hasUserLoggedInOrCreatedAccountFlow: Flow<Boolean?>

+    /**
+     * The instant when the last database scheme change was applied. `null` if no scheme changes
+     * have been applied yet.
+     */
+    var lastDatabaseSchemeChangeInstant: Instant?
+
    /**
     * Clears all the settings data for the given user.
     */
@@ -292,4 +298,20 @@ interface SettingsDiskSource {
     * Emits updates that track [getShowUnlockSettingBadge] for the given [userId].
     */
    fun getShowUnlockSettingBadgeFlow(userId: String): Flow<Boolean?>
+
+    /**
+     * Gets whether or not the given [userId] has signalled they want to import logins later.
+     */
+    fun getShowImportLoginsSettingBadge(userId: String): Boolean?
+
+    /**
+     * Stores the given value for whether or not the given [userId] has signalled they want to
+     * set import logins later, during first time usage.
+     */
+    fun storeShowImportLoginsSettingBadge(userId: String, showBadge: Boolean?)
+
+    /**
+     * Emits updates that track [getShowImportLoginsSettingBadge] for the given [userId].
+     */
+    fun getShowImportLoginsSettingBadgeFlow(userId: String): Flow<Boolean?>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSourceImpl.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/SettingsDiskSourceImpl.kt
@@ -35,6 +35,8 @@ private const val INITIAL_AUTOFILL_DIALOG_SHOWN = "addSitePromptShown"
 private const val HAS_USER_LOGGED_IN_OR_CREATED_AN_ACCOUNT_KEY = "hasUserLoggedInOrCreatedAccount"
 private const val SHOW_AUTOFILL_SETTING_BADGE = "showAutofillSettingBadge"
 private const val SHOW_UNLOCK_SETTING_BADGE = "showUnlockSettingBadge"
+private const val SHOW_IMPORT_LOGINS_SETTING_BADGE = "showImportLoginsSettingBadge"
+private const val LAST_SCHEME_CHANGE_INSTANT = "lastDatabaseSchemeChangeInstant"

 /**
 * Primary implementation of [SettingsDiskSource].
@@ -64,6 +66,9 @@ class SettingsDiskSourceImpl(
    private val mutableShowUnlockSettingBadgeFlowMap =
        mutableMapOf<String, MutableSharedFlow<Boolean?>>()

+    private val mutableShowImportLoginsSettingBadgeFlowMap =
+        mutableMapOf<String, MutableSharedFlow<Boolean?>>()
+
    private val mutableIsIconLoadingDisabledFlow = bufferedMutableSharedFlow<Boolean?>()

    private val mutableIsCrashLoggingEnabledFlow = bufferedMutableSharedFlow<Boolean?>()
@@ -151,6 +156,10 @@ class SettingsDiskSourceImpl(
        get() = mutableHasUserLoggedInOrCreatedAccountFlow
            .onSubscription { emit(getBoolean(HAS_USER_LOGGED_IN_OR_CREATED_AN_ACCOUNT_KEY)) }

+    override var lastDatabaseSchemeChangeInstant: Instant?
+        get() = getLong(LAST_SCHEME_CHANGE_INSTANT)?.let { Instant.ofEpochMilli(it) }
+        set(value) = putLong(LAST_SCHEME_CHANGE_INSTANT, value?.toEpochMilli())
+
    override fun clearData(userId: String) {
        storeVaultTimeoutInMinutes(userId = userId, vaultTimeoutInMinutes = null)
        storeVaultTimeoutAction(userId = userId, vaultTimeoutAction = null)
@@ -167,6 +176,8 @@ class SettingsDiskSourceImpl(
        // The following are intentionally not cleared so they can be
        // restored after logging out and back in:
        // - screen capture allowed
+        // - show autofill setting badge
+        // - show unlock setting badge
    }

    override fun getAccountBiometricIntegrityValidity(
@@ -405,6 +416,24 @@ class SettingsDiskSourceImpl(
        getMutableShowUnlockSettingBadgeFlow(userId = userId)
            .onSubscription { emit(getShowUnlockSettingBadge(userId)) }

+    override fun getShowImportLoginsSettingBadge(userId: String): Boolean? {
+        return getBoolean(
+            key = SHOW_IMPORT_LOGINS_SETTING_BADGE.appendIdentifier(userId),
+        )
+    }
+
+    override fun storeShowImportLoginsSettingBadge(userId: String, showBadge: Boolean?) {
+        putBoolean(
+            key = SHOW_IMPORT_LOGINS_SETTING_BADGE.appendIdentifier(userId),
+            showBadge,
+        )
+        getMutableShowImportLoginsSettingBadgeFlow(userId).tryEmit(showBadge)
+    }
+
+    override fun getShowImportLoginsSettingBadgeFlow(userId: String): Flow<Boolean?> =
+        getMutableShowImportLoginsSettingBadgeFlow(userId)
+            .onSubscription { emit(getShowImportLoginsSettingBadge(userId)) }
+
    private fun getMutableLastSyncFlow(
        userId: String,
    ): MutableSharedFlow<Instant?> =
@@ -448,4 +477,11 @@ class SettingsDiskSourceImpl(
        mutableShowUnlockSettingBadgeFlowMap.getOrPut(userId) {
            bufferedMutableSharedFlow(replay = 1)
        }
+
+    private fun getMutableShowImportLoginsSettingBadgeFlow(
+        userId: String,
+    ): MutableSharedFlow<Boolean?> =
+        mutableShowImportLoginsSettingBadgeFlowMap.getOrPut(userId) {
+            bufferedMutableSharedFlow(replay = 1)
+        }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/di/PlatformDiskModule.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/di/PlatformDiskModule.kt
@@ -26,8 +26,10 @@ import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStor
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageImpl
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigrator
 import com.x8bit.bitwarden.data.platform.datasource.disk.legacy.LegacySecureStorageMigratorImpl
+import com.x8bit.bitwarden.data.platform.manager.DatabaseSchemeManager
 import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
 import com.x8bit.bitwarden.data.platform.repository.SettingsRepository
+import com.x8bit.bitwarden.data.vault.datasource.disk.callback.DatabaseSchemeCallback
 import com.x8bit.bitwarden.data.vault.datasource.disk.convertor.ZonedDateTimeTypeConverter
 import dagger.Module
 import dagger.Provides
@@ -35,6 +37,7 @@ import dagger.hilt.InstallIn
 import dagger.hilt.android.qualifiers.ApplicationContext
 import dagger.hilt.components.SingletonComponent
 import kotlinx.serialization.json.Json
+import java.time.Clock
 import javax.inject.Singleton

 /**
@@ -68,7 +71,11 @@ object PlatformDiskModule {

    @Provides
    @Singleton
-    fun provideEventDatabase(app: Application): PlatformDatabase =
+    fun provideEventDatabase(
+        app: Application,
+        databaseSchemeManager: DatabaseSchemeManager,
+        clock: Clock,
+    ): PlatformDatabase =
        Room
            .databaseBuilder(
                context = app,
@@ -77,6 +84,12 @@ object PlatformDiskModule {
            )
            .fallbackToDestructiveMigration()
            .addTypeConverter(ZonedDateTimeTypeConverter())
+            .addCallback(
+                DatabaseSchemeCallback(
+                    databaseSchemeManager = databaseSchemeManager,
+                    clock = clock,
+                ),
+            )
            .build()

    @Provides
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/model/ServerConfig.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/disk/model/ServerConfig.kt
@@ -19,4 +19,10 @@ data class ServerConfig(

    @SerialName("serverData")
    val serverData: ConfigResponseJson,
-)
+) {
+    /**
+     * Whether the server is an official Bitwarden server or not.
+     */
+    val isOfficialBitwardenServer: Boolean
+        get() = serverData.server == null
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/ConfigApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/ConfigApi.kt
@@ -1,6 +1,7 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.api

 import com.x8bit.bitwarden.data.platform.datasource.network.model.ConfigResponseJson
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.http.GET

 /**
@@ -9,5 +10,5 @@ import retrofit2.http.GET
 interface ConfigApi {

    @GET("config")
-    suspend fun getConfig(): Result<ConfigResponseJson>
+    suspend fun getConfig(): NetworkResult<ConfigResponseJson>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/EventApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/EventApi.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.api

+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.model.OrganizationEventJson
 import retrofit2.http.Body
 import retrofit2.http.POST
@@ -9,5 +10,7 @@ import retrofit2.http.POST
 */
 interface EventApi {
    @POST("/collect")
-    suspend fun collectOrganizationEvents(@Body events: List<OrganizationEventJson>): Result<Unit>
+    suspend fun collectOrganizationEvents(
+        @Body events: List<OrganizationEventJson>,
+    ): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/PushApi.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/api/PushApi.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.api

+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import com.x8bit.bitwarden.data.platform.datasource.network.model.PushTokenRequest
 import retrofit2.http.Body
 import retrofit2.http.PUT
@@ -13,5 +14,5 @@ interface PushApi {
    suspend fun putDeviceToken(
        @Path("appId") appId: String,
        @Body body: PushTokenRequest,
-    ): Result<Unit>
+    ): NetworkResult<Unit>
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCall.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCall.kt
@@ -1,7 +1,6 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.core

-import com.x8bit.bitwarden.data.platform.util.asFailure
-import com.x8bit.bitwarden.data.platform.util.asSuccess
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import okhttp3.Request
 import okio.IOException
 import okio.Timeout
@@ -9,6 +8,7 @@ import retrofit2.Call
 import retrofit2.Callback
 import retrofit2.HttpException
 import retrofit2.Response
+import timber.log.Timber
 import java.lang.reflect.Type

 /**
@@ -17,36 +17,40 @@ import java.lang.reflect.Type
 private const val NO_CONTENT_RESPONSE_CODE: Int = 204

 /**
- * A [Call] for wrapping a network request into a [Result].
+ * A [Call] for wrapping a network request into a [NetworkResult].
 */
-class ResultCall<T>(
+@Suppress("TooManyFunctions")
+class NetworkResultCall<T>(
    private val backingCall: Call<T>,
    private val successType: Type,
-) : Call<Result<T>> {
+) : Call<NetworkResult<T>> {
    override fun cancel(): Unit = backingCall.cancel()

-    override fun clone(): Call<Result<T>> = ResultCall(backingCall, successType)
+    override fun clone(): Call<NetworkResult<T>> = NetworkResultCall(backingCall, successType)

-    override fun enqueue(callback: Callback<Result<T>>): Unit = backingCall.enqueue(
+    override fun enqueue(callback: Callback<NetworkResult<T>>): Unit = backingCall.enqueue(
        object : Callback<T> {
            override fun onResponse(call: Call<T>, response: Response<T>) {
-                callback.onResponse(this@ResultCall, Response.success(response.toResult()))
+                callback.onResponse(
+                    this@NetworkResultCall,
+                    Response.success(response.toNetworkResult()),
+                )
            }

            override fun onFailure(call: Call<T>, t: Throwable) {
-                callback.onResponse(this@ResultCall, Response.success(t.asFailure()))
+                callback.onResponse(this@NetworkResultCall, Response.success(t.toFailure()))
            }
        },
    )

    @Suppress("TooGenericExceptionCaught")
-    override fun execute(): Response<Result<T>> =
+    override fun execute(): Response<NetworkResult<T>> =
        try {
-            Response.success(backingCall.execute().toResult())
+            Response.success(backingCall.execute().toNetworkResult())
        } catch (ioException: IOException) {
-            Response.success(ioException.asFailure())
+            Response.success(ioException.toFailure())
        } catch (runtimeException: RuntimeException) {
-            Response.success(runtimeException.asFailure())
+            Response.success(runtimeException.toFailure())
        }

    override fun isCanceled(): Boolean = backingCall.isCanceled
@@ -58,25 +62,32 @@ class ResultCall<T>(
    override fun timeout(): Timeout = backingCall.timeout()

    /**
-     * Synchronously send the request and return its response as a [Result].
+     * Synchronously send the request and return its response as a [NetworkResult].
     */
-    fun executeForResult(): Result<T> = requireNotNull(execute().body())
+    fun executeForResult(): NetworkResult<T> = requireNotNull(execute().body())

-    private fun Response<T>.toResult(): Result<T> =
+    private fun Throwable.toFailure(): NetworkResult<T> {
+        // We rebuild the URL without query params, we do not want to log those
+        val url = backingCall.request().url.toUrl().run { "$protocol://$authority$path" }
+        Timber.w(this, "Network Error: $url")
+        return NetworkResult.Failure(this)
+    }
+
+    private fun Response<T>.toNetworkResult(): NetworkResult<T> =
        if (!this.isSuccessful) {
-            HttpException(this).asFailure()
+            HttpException(this).toFailure()
        } else {
            val body = this.body()
            @Suppress("UNCHECKED_CAST")
            when {
                // We got a nonnull T as the body, just return it.
-                body != null -> body.asSuccess()
+                body != null -> NetworkResult.Success(body)
                // We expected the body to be null since the successType is Unit, just return Unit.
-                successType == Unit::class.java -> (Unit as T).asSuccess()
+                successType == Unit::class.java -> NetworkResult.Success(Unit as T)
                // We allow null for 204's, just return null.
-                this.code() == NO_CONTENT_RESPONSE_CODE -> (null as T).asSuccess()
+                this.code() == NO_CONTENT_RESPONSE_CODE -> NetworkResult.Success(null as T)
                // All other null bodies result in an error.
-                else -> IllegalStateException("Unexpected null body!").asFailure()
+                else -> IllegalStateException("Unexpected null body!").toFailure()
            }
        }
 }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCallAdapter.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCallAdapter.kt
@@ -0,0 +1,17 @@
+package com.x8bit.bitwarden.data.platform.datasource.network.core
+
+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
+import retrofit2.Call
+import retrofit2.CallAdapter
+import java.lang.reflect.Type
+
+/**
+ * A [CallAdapter] for wrapping network requests into [NetworkResult].
+ */
+class NetworkResultCallAdapter<T>(
+    private val successType: Type,
+) : CallAdapter<T, Call<NetworkResult<T>>> {
+
+    override fun responseType(): Type = successType
+    override fun adapt(call: Call<T>): Call<NetworkResult<T>> = NetworkResultCall(call, successType)
+}
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCallAdapterFactory.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/NetworkResultCallAdapterFactory.kt
@@ -1,5 +1,6 @@
 package com.x8bit.bitwarden.data.platform.datasource.network.core

+import com.x8bit.bitwarden.data.platform.datasource.network.model.NetworkResult
 import retrofit2.Call
 import retrofit2.CallAdapter
 import retrofit2.Retrofit
@@ -7,9 +8,9 @@ import java.lang.reflect.ParameterizedType
 import java.lang.reflect.Type

 /**
- * A [CallAdapter.Factory] for wrapping network requests into [kotlin.Result].
+ * A [CallAdapter.Factory] for wrapping network requests into [NetworkResult].
 */
-class ResultCallAdapterFactory : CallAdapter.Factory() {
+class NetworkResultCallAdapterFactory : CallAdapter.Factory() {
    override fun get(
        returnType: Type,
        annotations: Array<out Annotation>,
@@ -18,13 +19,13 @@ class ResultCallAdapterFactory : CallAdapter.Factory() {
        check(returnType is ParameterizedType) { "$returnType must be parameterized" }
        val containerType = getParameterUpperBound(0, returnType)

-        if (getRawType(containerType) != Result::class.java) return null
+        if (getRawType(containerType) != NetworkResult::class.java) return null
        check(containerType is ParameterizedType) { "$containerType must be parameterized" }

        val requestType = getParameterUpperBound(0, containerType)

        return if (getRawType(returnType) == Call::class.java) {
-            ResultCallAdapter<Any>(successType = requestType)
+            NetworkResultCallAdapter<Any>(successType = requestType)
        } else {
            null
        }
--- a/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/ResultCallAdapter.kt
+++ b/app/src/main/java/com/x8bit/bitwarden/data/platform/datasource/network/core/ResultCallAdapter.kt
@@ -1,16 +0,0 @@
-package com.x8bit.bitwarden.data.platform.datasource.network.core
-
-import retrofit2.Call
-import retrofit2.CallAdapter
-import java.lang.reflect.Type
-
-/**
- * A [CallAdapter] for wrapping network requests into [kotlin.Result].
- */
-class ResultCallAdapter<T>(
-    private val successType: Type,
-) : CallAdapter<T, Call<Result<T>>> {
-
-    override fun responseType(): Type = successType
-    override fun adapt(call: Call<T>): Call<Result<T>> = ResultCall(call, successType)
-}
--- a/Show More
+++ b/Show More