github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-14 14:16:23 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

[PR #3375] [PM-8137] Perform device based verification during passkey registration #4182

New Issue
Closed
opened 2025-11-26 23:41:22 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2025-11-26 23:41:22 -06:00
Owner
Copy Link

Original Pull Request: https://github.com/bitwarden/android/pull/3375

State: closed
Merged: No

🎟️ Tracking

PM-8137

📔 Objective

Perform user verification (UV) during a FIDO 2 credential registration request.

When saving a new cipher for FIDO 2 credential registration we evaluate the request to determine if user verification should be performed. If user verification cannot be performed the user is notified, and upon acknowledgment the registration process is completed.

Testing notes

https://webauthn.io is a reliable site to test passkey registration. In order to support Bitwarden as a passkey provider in Chrome "Android Credential Management for passkeys" must be enabled for 3rd party passkeys from chrome://flags.

To validate user verification prompt is performed when required the Registration Settings can be modified so that User Verification is one of "Required" or "Preferred" to trigger UV, or "Discouraged" to skip UV.

📸 Screenshots

image image image image

Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
    issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes
**Original Pull Request:** https://github.com/bitwarden/android/pull/3375 **State:** closed **Merged:** No --- ## 🎟️ Tracking PM-8137 ## 📔 Objective Perform user verification (UV) during a FIDO 2 credential registration request. When saving a new cipher for FIDO 2 credential registration we evaluate the request to determine if user verification should be performed. If user verification cannot be performed the user is notified, and upon acknowledgment the registration process is completed. ### Testing notes https://webauthn.io is a reliable site to test passkey registration. In order to support Bitwarden as a passkey provider in Chrome "Android Credential Management for passkeys" must be enabled for 3rd party passkeys from chrome://flags. To validate user verification prompt is performed when required the Registration Settings can be modified so that User Verification is one of "Required" or "Preferred" to trigger UV, or "Discouraged" to skip UV. ## 📸 Screenshots <img width="376" alt="image" src="https://github.com/bitwarden/android/assets/1883101/d042c291-ca4c-418a-bb76-6d662c04a7f5"> <img width="378" alt="image" src="https://github.com/bitwarden/android/assets/1883101/c16c5088-d294-4cfc-924b-5c9c18859042"> <img width="377" alt="image" src="https://github.com/bitwarden/android/assets/1883101/6a5edab2-9af4-4eff-9d81-33232d003098"> <img width="376" alt="image" src="https://github.com/bitwarden/android/assets/1883101/d1857edb-a4ca-4e67-881d-c229d3e96106"> ## ⏰ Reminders before review - Contributor guidelines followed - All formatters and local linters executed and passed - Written new unit and / or integration tests where applicable - Used internationalization (i18n) for all UI strings - CI builds passed - Communicated to DevOps any deployment requirements - Updated any necessary documentation or informed the documentation team ## 🦮 Reviewer guidelines <!-- Suggested interactions but feel free to use (or not) as you desire! --> - 👍 (`:+1:`) or similar for great changes - 📝 (`:memo:`) or ℹ️ (`:information_source:`) for notes or general info - ❓ (`:question:`) for questions - 🤔 (`:thinking:`) or 💭 (`:thought_balloon:`) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion - 🎨 (`:art:`) for suggestions / improvements - ❌ (`:x:`) or ⚠️ (`:warning:`) for more significant problems or concerns needing attention - 🌱 (`:seedling:`) or ♻️ (`:recycle:`) for future improvements or indications of technical debt - ⛏ (`:pick:`) for minor or nitpick changes
GiteaMirror added the pull-request label 2025-11-26 23:41:22 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#4182
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?