mirror of
https://github.com/bitwarden/android.git
synced 2026-03-13 05:34:14 -05:00
iOS Autofill: 'provide credentials without user interaction' does not work #1431
Closed
opened 2025-11-26 22:48:56 -06:00 by GiteaMirror · 5 comments
Reference: github-starred/android#1431
Originally created by @alexander-albers on GitHub (Mar 24, 2022).
Steps To Reproduce
Expected Result
Similar to the built-in iCloud Keychain behavior, I would expect that the password of the selected account would be filled in immediately, after a quick Face ID or Touch ID authentication. No further view controller should be shown when filling in a password from a selected account in the QuickType bar.
Actual Result
In every case, the custom Bitwarden controller is being displayed after tapping on an account from the QuickType bar. The user has to wait until the presenting animation finishes, then the user is being authenticated using Face ID or Touch ID, and only then the password will be filled in.
Screenshots or Videos
Tapping on the blue button should invoke FaceID right away, like seen in the first video. Instead, the Bitwarden View Controller is always being presented, as can be seen in the second video.
https://user-images.githubusercontent.com/27898390/159992954-daced3f9-4ac0-44a7-8a94-b3df92803697.mov
https://user-images.githubusercontent.com/27898390/159992973-a56d9955-0c08-4686-9730-699a332462c9.MP4
Additional Context
Here are my findings after some initial debugging:
The relevant method for filling in passwords from the QuickType bar is `ProvideCredentialWithoutUserInteraction`. It seems like Bitwarden always returns `UserInteractionRequired`, which causes iOS to present the Bitwarden view controller:
4bd06d2393/src/iOS.Autofill/CredentialProviderViewController.cs (L85-L91)
In my case, `IsAuthed()` always returned `true`, but `IsLocked()` returned `true` as well. Looking into `VaultTimeoutService`, it seems like this method is responsible for this behavior:
4bd06d2393/src/Core/Services/VaultTimeoutService.cs (L57-L69)
`biometricSet` is always `true`, same as `GetBiometricLockedAsync`, meaning that the vault will always be in a "locked" state (at least until the password view controller has been shown).
Possible solution
As a disclaimer, I have looked into the Bitwarden code for the first time just to debug this behavior, so I am not confident to provide a pull request for this. However, I personally think that the `IsLocked()` method should not be checked inside `ProvideCredentialWithoutUserInteraction` because at this point in time of the application flow there would have been no way that `BiometricLocked` had been set to false previously. Further, the mandatory Face ID authorization provided by iOS when tapping on the QuickType bar already serves as a mechanism to "unlock" the vault, so checking for the lock state is not necessary. But again, I am not confident to say anything about possible security implications when removing this `IsLocked()` condition.
Operating System
iOS
Operating System Version
No response
Device
No response
Build Version
2.17.1
Beta
@ok-nick commented on GitHub (Dec 26, 2022):
This issue really bothered me when I began using Bitwarden. I made an issue about it and suggested an insecure workaround on the forum: https://community.bitwarden.com/t/option-to-disable-verification-for-auto-fill-on-ios/46266
@ok-nick commented on GitHub (Dec 26, 2022):
I took a quick peek around the code and exactly what you mentioned seems to be where we can make a change. There's just one thing we need to account for: if the user has `Password AutoFill` disabled in iOS settings and `Unlock with Face ID` enabled in Bitwarden settings. In this case should we still prompt the Bitwarden UI? The user is explicitly disabling biometrics, perhaps Bitwarden should respect that?
Edit: It doesn't seem possible to read global device settings. I think the best route here would be to introduce a new setting to toggle biometrics for autofill.
@ok-nick commented on GitHub (Dec 26, 2022):
This is where the settings are handled for biometrics:
728182de6c/src/Core/Services/StateService.cs (L239-L253)
I propose we introduce a new setting named `Use native Face ID` or `Disable pop-up`, with a warning (the same warning you'd get when vault timeout is set to `Never`) just to clarify what it means, I don't think there's a better way to word it.
@ok-nick commented on GitHub (Dec 26, 2022):
Unfortunately my mac is too old to install the latest version of Xcode so there's not much I can do.
@vvolkgang commented on GitHub (Jun 20, 2024):
Issue migrated to https://github.com/bitwarden/mobile/issues/1862
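The lock-state gate described in the issue and the opt-in setting proposed in the comments, as an added C# model that is not Bitwarden's code and not part of the original thread. `VaultState`, `QuickTypeGate`, `HasKeyInMemory` and the opt-in flag are hypothetical names, and the rule that a missing key also counts as locked is an assumption.

```csharp
using System;

// Constructed model of the lock-state gate discussed in this issue; the names
// below are illustrative and are not Bitwarden's classes or the iOS API.
enum Outcome { CredentialProvided, UserInteractionRequired }

record VaultState(bool Authed, bool HasKeyInMemory, bool BiometricSet, bool BiometricLocked)
{
    // Locked when no key is available (assumption), or when biometric unlock is
    // configured and the "biometric locked" flag has not been cleared yet.
    public bool IsLocked => !HasKeyInMemory || (BiometricSet && BiometricLocked);
}

static class QuickTypeGate
{
    // Behaviour reported in the issue: any locked state sends the user to the UI.
    public static Outcome Current(VaultState s) =>
        s.Authed && !s.IsLocked ? Outcome.CredentialProvided : Outcome.UserInteractionRequired;

    // Hypothetical opt-in setting from the comments: skip the UI only when the
    // biometric flag is the sole reason the vault counts as locked.
    public static Outcome WithOptIn(VaultState s, bool nativeBiometricOptIn)
    {
        bool onlyBiometricFlag = s.Authed && s.HasKeyInMemory && s.BiometricSet && s.BiometricLocked;
        if (nativeBiometricOptIn && onlyBiometricFlag) return Outcome.CredentialProvided;
        return Current(s);
    }
}

static class Program
{
    static void Main()
    {
        // Constructed scenarios, one per state the thread talks about.
        var cases = new (string Name, VaultState State)[]
        {
            ("fresh extension, biometric unlock on", new VaultState(true, true, true, true)),
            ("after unlock in the Bitwarden UI",     new VaultState(true, true, true, false)),
            ("master password only, no key",         new VaultState(true, false, false, false)),
            ("logged out",                           new VaultState(false, false, false, false)),
        };
        foreach (var (name, state) in cases)
            Console.WriteLine($"{name,-38} current={QuickTypeGate.Current(state),-24} opt-in={QuickTypeGate.WithOptIn(state, true)}");
    }
}
```

In this model the opt-in changes only the first scenario; a vault with no key in memory or a logged-out account still falls back to the Bitwarden UI.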