URl escaped if WebAuthN is not supported #1595

New Issue

Closed

opened 2025-11-26 22:53:14 -06:00 by GiteaMirror · 3 comments

GiteaMirror commented 2025-11-26 22:53:14 -06:00

Owner

Copy Link

Originally created by @edent on GitHub (Feb 13, 2023).

Steps To Reproduce

1. Install BitWarden on a phone with only the default AOSP browser (no Chrome or Firefox)
2. Sign in to an account protected by a FIDO security key
3. Attempt to sign in using WebAuthN
4. An error message is displayed - the URl is improperly escaped

Expected Result

URl should be presented in an unescaped format.

Actual Result

The NotAllowedError message is difficult to read.

Screenshots or Videos

Additional Context

I believe this may have been introduced by #1534? It could also relate to #2334. It is also documented in https://github.com/bitwarden/mobile/issues/1594#issuecomment-1412097146

Operating System

Android

Operating System Version

13

Device

OnePlus 5T

Build Version

2023.1.0 (5786)

Beta

• Using a pre-release version of the application.

Originally created by @edent on GitHub (Feb 13, 2023). ### Steps To Reproduce 1. Install BitWarden on a phone with *only* the default AOSP browser (no Chrome or Firefox) 2. Sign in to an account protected by a FIDO security key 3. Attempt to sign in using WebAuthN 4. An error message is displayed - the URl is improperly escaped ### Expected Result URl should be presented in an unescaped format. ### Actual Result The `NotAllowedError` message is difficult to read. ### Screenshots or Videos  ### Additional Context I believe this may have been introduced by #1534? It could also relate to #2334. It is also documented in https://github.com/bitwarden/mobile/issues/1594#issuecomment-1412097146 ### Operating System Android ### Operating System Version 13 ### Device OnePlus 5T ### Build Version 2023.1.0 (5786) ### Beta - [ ] Using a pre-release version of the application.

GiteaMirror added the bug label 2025-11-26 22:53:14 -06:00

GiteaMirror closed this issue 2025-11-26 22:53:14 -06:00

GiteaMirror commented 2025-11-26 22:53:15 -06:00

Author

Owner

Copy Link

@SergeantConfused commented on GitHub (Feb 13, 2023):

Hi @edent,

Thank you for reporting this. Just to make sure that you and I are on the same page, by "default AOSP browser" are you referring to Android WebView?

Thank you in advance,

@SergeantConfused commented on GitHub (Feb 13, 2023): Hi @edent, Thank you for reporting this. Just to make sure that you and I are on the same page, by "default AOSP browser" are you referring to Android WebView? Thank you in advance,

GiteaMirror commented 2025-11-26 22:53:15 -06:00

Author

Owner

Copy Link

@edent commented on GitHub (Feb 13, 2023):

@SergeantConfused yes, the default Android WebView.

As per this announcement, it doesn't support WebAuthN https://groups.google.com/a/chromium.org/g/blink-dev/c/qCJhuuZH5p0

See also https://hwsecurity.dev/guide/fido-webview/ and https://mobile.twitter.com/agl__/status/1536058673327288320

@edent commented on GitHub (Feb 13, 2023): @SergeantConfused yes, the default Android WebView. As per this announcement, it doesn't support WebAuthN https://groups.google.com/a/chromium.org/g/blink-dev/c/qCJhuuZH5p0 See also https://hwsecurity.dev/guide/fido-webview/ and https://mobile.twitter.com/agl__/status/1536058673327288320

GiteaMirror commented 2025-11-26 22:53:15 -06:00

Author

Owner

Copy Link

@vvolkgang commented on GitHub (Jun 20, 2024):

Issue migrated to https://github.com/bitwarden/mobile/issues/2364

@vvolkgang commented on GitHub (Jun 20, 2024): Issue migrated to https://github.com/bitwarden/mobile/issues/2364

GiteaMirror referenced this issue 2025-11-26 23:26:49 -06:00

[PR #1595] [MERGED] fix gap in background color application resulting in flashing during transitions, part 2 #2989

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

crowdin-pull

sdlc/sdk-update

llm/skill-refinements

release/2026.3-rc49

PM-24380/flight-recorder-redact-hostname

sdk-folder-repo-interface

PM-25654-preview-attachment

android-collections

cx/android-architect-agent

PM-30130-remove-archive-feature-flag

llm/add-resolving-sdk-updates-skill

QA-1523/sanity-test-saucelabs

release/2026.3-rc48

PM-26577-app-links-support

PM-26896-autofill-fix

release/2026.2-rc47

PM-32714/fallback-to-web-vault-host

pr-6572

PM-28834/setting-app-layout-horizonos

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

context-rules

devclarity/update-code-review-command

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

optimize-test-workflows

tier2-test-sharding

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

ps/implement-sdk-repository-example

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

cs-workaround-linked-0-copy

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

km/15084-testing

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.3.0-bwpm

v2026.3.0-bwa

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#1595