[PR #3375] [CLOSED] [PM-8137] Perform device based verification during passkey registration #16935

New Issue

Closed

opened 2026-04-15 02:33:30 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-04-15 02:33:30 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/bitwarden/android/pull/3375
Author: @SaintPatrck
Created: 6/27/2024
Status: ❌ Closed

Base: main ← Head: PM-8137/fido2-registration-user-verification

---

📝 Commits (10+)

• 2feea9c Register FIDO 2 credential with new cipher
• a22d10e VaultAddEdit tests
• 69cbd7d Implement allCredentials and findCredentials SDK callbacks
• d38bda1 Omit PubliKeyCredentialAuthenticatorAttestationResponseExtensions from coverage reports
• 2a1e200 Grammar fix
• 6379dea Merge remote-tracking branch 'refs/remotes/origin/main' into PM-8137/register-fido2-credential
• 0d25426 Set user verification supported to true while in dev
• dcdb1eb Wrap SDK calls in runCatching and handle errors correctly
• 98f47b0 Merge remote-tracking branch 'refs/remotes/origin/main' into PM-8137/register-fido2-credential
• 5a49024 Document ext function

📊 Changes

29 files changed (+2907 additions, -1336 deletions)

View changed files

📝 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/model/PublicKeyCredentialCreationOptions.kt (+30 -3)
📝 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManager.kt (+2 -2)
📝 app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManagerImpl.kt (+19 -28)
➖ app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CreateCredentialResult.kt (+0 -23)
➕ app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2RegisterCredentialResult.kt (+24 -0)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSource.kt (+2 -31)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSourceImpl.kt (+24 -46)
➕ app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/AuthenticateFido2CredentialRequest.kt (+26 -0)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/Fido2CredentialAuthenticationUserInterfaceImpl.kt (+3 -4)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/Fido2CredentialRegistrationUserInterfaceImpl.kt (+23 -7)
📝 app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/util/PublicKeyCredentialAuthenticatorAttestationResponseExtensions.kt (+2 -5)
📝 app/src/main/java/com/x8bit/bitwarden/ui/autofill/fido2/manager/Fido2CompletionManager.kt (+2 -2)
📝 app/src/main/java/com/x8bit/bitwarden/ui/autofill/fido2/manager/Fido2CompletionManagerImpl.kt (+15 -5)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManager.kt (+16 -0)
📝 app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManagerImpl.kt (+63 -9)
📝 app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt (+43 -1)
📝 app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModel.kt (+157 -21)
➕ app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/handlers/VaultAddEditUserVerificationHandlers.kt (+48 -0)
📝 app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingScreen.kt (+32 -1)
📝 app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModel.kt (+194 -36)

...and 9 more files

📄 Description

🎟️ Tracking

PM-8137

📔 Objective

Perform user verification (UV) during a FIDO 2 credential registration request.

When saving a new cipher for FIDO 2 credential registration we evaluate the request to determine if user verification should be performed. If user verification cannot be performed the user is notified, and upon acknowledgment the registration process is completed.

Testing notes

https://webauthn.io is a reliable site to test passkey registration. In order to support Bitwarden as a passkey provider in Chrome "Android Credential Management for passkeys" must be enabled for 3rd party passkeys from chrome://flags.

To validate user verification prompt is performed when required the Registration Settings can be modified so that User Verification is one of "Required" or "Preferred" to trigger UV, or "Discouraged" to skip UV.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bitwarden/android/pull/3375 **Author:** [@SaintPatrck](https://github.com/SaintPatrck) **Created:** 6/27/2024 **Status:** ❌ Closed **Base:** `main` ← **Head:** `PM-8137/fido2-registration-user-verification` --- ### 📝 Commits (10+) - [`2feea9c`](https://github.com/bitwarden/android/commit/2feea9ca746563b86fe52638752533d3387ac85f) Register FIDO 2 credential with new cipher - [`a22d10e`](https://github.com/bitwarden/android/commit/a22d10e4ea30eac5ce3cbc850ac1f4fadd12a356) VaultAddEdit tests - [`69cbd7d`](https://github.com/bitwarden/android/commit/69cbd7db65c6925bf806302078f2fd4907746db6) Implement `allCredentials` and `findCredentials` SDK callbacks - [`d38bda1`](https://github.com/bitwarden/android/commit/d38bda10235589f50b37b32aca5496650f012048) Omit PubliKeyCredentialAuthenticatorAttestationResponseExtensions from coverage reports - [`2a1e200`](https://github.com/bitwarden/android/commit/2a1e2006a6b3eda96b7b880f06b71798289eb719) Grammar fix - [`6379dea`](https://github.com/bitwarden/android/commit/6379dea85265707a2c292f863b9277fd584674ae) Merge remote-tracking branch 'refs/remotes/origin/main' into PM-8137/register-fido2-credential - [`0d25426`](https://github.com/bitwarden/android/commit/0d2542665db127fab2c239031ce821987a217480) Set user verification supported to true while in dev - [`dcdb1eb`](https://github.com/bitwarden/android/commit/dcdb1eb9ad46a95b7bdb49e938fe450b1980471e) Wrap SDK calls in runCatching and handle errors correctly - [`98f47b0`](https://github.com/bitwarden/android/commit/98f47b0eb757acd91cfdcc5ce91a3c6aafd8af7e) Merge remote-tracking branch 'refs/remotes/origin/main' into PM-8137/register-fido2-credential - [`5a49024`](https://github.com/bitwarden/android/commit/5a49024670d5c165691a539904cf5c81bf66d42e) Document ext function ### 📊 Changes **29 files changed** (+2907 additions, -1336 deletions) <details> <summary>View changed files</summary> 📝 `app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/datasource/network/model/PublicKeyCredentialCreationOptions.kt` (+30 -3) 📝 `app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManager.kt` (+2 -2) 📝 `app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/manager/Fido2CredentialManagerImpl.kt` (+19 -28) ➖ `app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2CreateCredentialResult.kt` (+0 -23) ➕ `app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/Fido2RegisterCredentialResult.kt` (+24 -0) 📝 `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSource.kt` (+2 -31) 📝 `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/VaultSdkSourceImpl.kt` (+24 -46) ➕ `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/AuthenticateFido2CredentialRequest.kt` (+26 -0) 📝 `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/Fido2CredentialAuthenticationUserInterfaceImpl.kt` (+3 -4) 📝 `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/model/Fido2CredentialRegistrationUserInterfaceImpl.kt` (+23 -7) 📝 `app/src/main/java/com/x8bit/bitwarden/data/vault/datasource/sdk/util/PublicKeyCredentialAuthenticatorAttestationResponseExtensions.kt` (+2 -5) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/autofill/fido2/manager/Fido2CompletionManager.kt` (+2 -2) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/autofill/fido2/manager/Fido2CompletionManagerImpl.kt` (+15 -5) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManager.kt` (+16 -0) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/platform/manager/biometrics/BiometricsManagerImpl.kt` (+63 -9) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditScreen.kt` (+43 -1) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/VaultAddEditViewModel.kt` (+157 -21) ➕ `app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/addedit/handlers/VaultAddEditUserVerificationHandlers.kt` (+48 -0) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingScreen.kt` (+32 -1) 📝 `app/src/main/java/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModel.kt` (+194 -36) _...and 9 more files_ </details> ### 📄 Description ## 🎟️ Tracking PM-8137 ## 📔 Objective Perform user verification (UV) during a FIDO 2 credential registration request. When saving a new cipher for FIDO 2 credential registration we evaluate the request to determine if user verification should be performed. If user verification cannot be performed the user is notified, and upon acknowledgment the registration process is completed. ### Testing notes https://webauthn.io is a reliable site to test passkey registration. In order to support Bitwarden as a passkey provider in Chrome "Android Credential Management for passkeys" must be enabled for 3rd party passkeys from chrome://flags. To validate user verification prompt is performed when required the Registration Settings can be modified so that User Verification is one of "Required" or "Preferred" to trigger UV, or "Discouraged" to skip UV. ## 📸 Screenshots <img width="376" alt="image" src="https://github.com/bitwarden/android/assets/1883101/d042c291-ca4c-418a-bb76-6d662c04a7f5"> <img width="378" alt="image" src="https://github.com/bitwarden/android/assets/1883101/c16c5088-d294-4cfc-924b-5c9c18859042"> <img width="377" alt="image" src="https://github.com/bitwarden/android/assets/1883101/6a5edab2-9af4-4eff-9d81-33232d003098"> <img width="376" alt="image" src="https://github.com/bitwarden/android/assets/1883101/d1857edb-a4ca-4e67-881d-c229d3e96106"> ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-04-15 02:33:30 -05:00

GiteaMirror closed this issue 2026-04-15 02:33:31 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

beta-for-qa

new-item-types/PM-32810_bank-account

target-sdk-37

PM-33982/build-device-screen

new-item-types/PM-32806_passport

new-item-types/PM-32808_drivers-license

BWA-99/show-next-totp

BWA-99/add-preview-next-totp-code-setting

renovate/glidecompose

sync-min-sdk

release/2026.4-rc51

fix/security-sast-22741894-bvwj

related-origin-passkey-creation

release/2026.4-rc50

platform/android-breaking-change-detection

innovation-sprint-2026-send-folder

release/2026.3-rc49

PM-34193-vault-lockout

android-collections

llm/add-resolving-sdk-updates-skill

QA-1523/sanity-test-saucelabs

release/2026.3-rc48

PM-26577-app-links-support

PM-26896-autofill-fix

release/2026.2-rc47

pr-6572

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

PM-28468/validate-and-navigate-to-vault-migration

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.4.1-bwa

v2026.4.1-bwpm

v2026.4.0-bwa

v2026.4.0-bwpm

v2026.3.1-bwa

v2026.3.1-bwpm

v2026.3.0-bwpm

v2026.3.0-bwa

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#16935