mirror of
https://github.com/bitwarden/android.git
synced 2026-03-18 03:09:11 -05:00
Closed
opened 2025-11-26 23:26:10 -06:00 by GiteaMirror
·
0 comments
No Branch/Tag Specified
main
sdlc/sdk-update
PM-25654-preview-attachment
cx/android-architect-agent
PM-30130-remove-archive-feature-flag
premium-upgrade/PM-33510-billing-manager
llm/add-resolving-sdk-updates-skill
premium-upgrade/PM-33509-billing-repository
premium-upgrade/PM-33508-billing-api-service
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-24380/flight-recorder-redact-hostname
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
No Label
pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#2938
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/bitwarden/android/pull/1519
Author: @mpbw2
Created: 8/27/2021
Status: ✅ Merged
Merged: 8/30/2021
Merged by: @mpbw2
Base:
master← Head:feature-fido2webauthn📝 Commits (2)
9711b20FIDO2 / WebAuthn support for mobile1ab7fd6fixes📊 Changes
24 files changed (+272 additions, -151 deletions)
View changed files
📝
src/Android/Services/DeviceActionService.cs(+5 -0)📝
src/App/Abstractions/IDeviceActionService.cs(+1 -0)📝
src/App/Pages/Accounts/LoginPage.xaml(+1 -1)📝
src/App/Pages/Accounts/LoginPage.xaml.cs(+5 -6)📝
src/App/Pages/Accounts/LoginPageViewModel.cs(+6 -23)📝
src/App/Pages/Accounts/LoginSsoPageViewModel.cs(+11 -26)📝
src/App/Pages/Accounts/RegisterPage.xaml(+1 -1)📝
src/App/Pages/Accounts/RegisterPage.xaml.cs(+7 -1)📝
src/App/Pages/Accounts/RegisterPageViewModel.cs(+8 -27)📝
src/App/Pages/Accounts/TwoFactorPage.xaml(+24 -0)📝
src/App/Pages/Accounts/TwoFactorPage.xaml.cs(+6 -2)📝
src/App/Pages/Accounts/TwoFactorPageViewModel.cs(+80 -11)📝
src/App/Pages/CaptchaProtectedViewModel.cs(+9 -33)📝
src/App/Pages/Send/SendAddEditPage.xaml(+0 -4)📝
src/App/Resources/AppResources.Designer.cs(+30 -2)📝
src/App/Resources/AppResources.resx(+15 -0)📝
src/App/Services/MobilePlatformUtilsService.cs(+2 -2)📝
src/App/Utilities/AppHelpers.cs(+15 -0)📝
src/Core/Abstractions/IAuthService.cs(+1 -1)📝
src/Core/Abstractions/IPlatformUtilsService.cs(+1 -1)...and 4 more files
📄 Description
Support for FIDO2 WebAuthn in iOS & Android. Since iOS only supports FIDO2 via Safari, the decision was made to ditch the native API in Android and use a single code path for both platforms (using
WebAuthenticator; I'll push the native API work to a separate branch in case we ever want to revisit). This has the added benefit of not excluding our F-Droid users since the native API is part of Google Play Services, as well as being able to ship this ASAP without waiting for these changes to make it into production.Additional changes: Reworked the method of showing the progress dialog/spinner during use of
WebAuthenticatorbased on issues discovered while working on FIDO that I inadvertently avoided while working on SSO. Brought these changes to captcha as well to smooth out the flow.Also discovered the latest version of WebAuthenticator supports ephemeral webviews on iOS which has the additional side-effect of not prompting to open the view, so I applied this to both WebAuthn & captcha to smooth out the experience (left in place for SSO because of our use of cookies across sessions).
Tested with a YubiKey 5C NFC & 5Ci, which covers NFC, USB-C, and Lightning.
Notes on NFC: This process is clumsy on Android due to the speed of the handoff to the default scan handler after the FIDO2 scan is complete, combined with the way the system treats impromptu scans. If you don't physically distance the key soon enough after the FIDO2 scan the default handler scans it again and opens a web browser showing a Yubico page. You can time it with the device vibrations to get a perfect scan - a successful WebAuthn scan will result in 2 distinct vibrations. If you feel a 3rd one, you waited too long. And if you only feel 1, you pulled away too soon and the scan will fail with an error. (For the record this happens with the native FIDO2 API as well). Technically iOS does this as well but they trigger a notification instead of opening a browser, so the user doesn't have to worry about their reflexes during login.
Edit: Forgot to mention some UI work is still needed for the mobile webauthn-connector:
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.