Automatic Biometrics Prompt on Open Popup

Feature name:

  • Automatic Biometrics Prompt on Open Popup

Feature Description

  • When Unlock with biometrics is enabled, clicking extension will trigger biometrics prompt automatically as default behavior.
  • A checkbox option should exist to disable this behavior and require original behavior of clicking Unlock with biometrics on lock screen.
  • Avoid triggering biometrics prompt after clicking Lock Now.
  • I originally commented on this at: Far too many prompts to unlock with biometrics (Windows Hello + browser) - #3 by cho-m

Clients / Repos Affected:

  • Web

Timeline to completion (estimate):

ETA: Q1/2021

I tried out a quick implementation, which can be seen in below GitHub comparison pages:

Some things that may need to be discussed:

  • decide if better to swap default behavior and checkbox option
  • not too sure if there is a better way to detect initial lock screen. currently using the window.previousPopupUrl, which is modified after every NavigationEnd inside app.component.ts.
  • possibly tweaking timing. currently set to 100ms matching the element focus event.

I also came for something similar.

The current unlock-and-fill procedure is just too slow and awkward, which you have to press the extension → unlock with biometrics → put your finger on the scanner. As I much prefer autofilling with the keyboard shortcut or using the experimental autofill on page load, I think the default action should be prompting you to unlock on any autofill action, whether it’s filling on page load, keyboard shortcut, or pressing on the extension.

Doesn’t seems like something hard to implement. If the team agrees, could start working on the code.

@cho-m I think that would be great! @cscharf @Hinton this would be nifty!

@allenhu1029 - I think this may fall in line with password re-prompt for some items, so users can decide if they want to use biometrics before filling in an item. @Hinton what do you think?

Is this a variant of the idea from feature requests:

I had previously tried running a modified version of the old WIP PR for those features, but I wasn’t able to programmatically call openPopup due to security restrictions.

You can always create a new GitHub Contribution topic with full details of what you want to do and get it reviewed by someone on Bitwarden team.

@cho-m Ahh yes this was what I was actually looking for, thanks for linking it.
I’ll look into that PR and see if I could create a working version.

@tgreer @cho-m I think this feature sounds great, one thing that pops to mind is that we would want to gracefully handle the desktop application not running. Opening the browser extension and getting a “start the desktop application” popup that needs to be immediately closed adds another prompt blocking the way. (Although it might be nice to inform the user we attempted to login using biometrics in a less intrusive way.

When I have a chance, I’ll take a look into this.

Based on a quick glance, I believe most of the messages are created inside NativeMessagingBackground.connect, so state data needs to be passed from LockComponent.ngOnInit to there.

I need to look further into whether storageService can be used for temporary data like this, or if some extra method parameters are needed.

May also take a look into using this.platformUtilsService.showToast for just displaying warning/error messages for this scenario.

Going from my memory I suspect adding another argument to platformUtilsService.authenticateBiometric would be preferred. It should provide a direct way to interact with the NativeMessagingBackground service. And might avoid the browser extension ending up in a weird state due to the popup closing unexpectedly.

Using toasts for warnings seems reasonable :+1:

I’m picking up where @cho-m left off and trying to get this feature across the finish line, but could use some guidance. I’m totally new to the Bitwarden codebase and learning as I go, any help is appreciated :slightly_smiling_face:

This is where I’m stuck. I understand that the biometric flow starts in LockComponent.ngOnInit, and somehow we have to get a parameter (i.e. waitForDesktop) from there to NativeMessagingBackground.connect. If waitForDesktop is true, we show the dialog telling the user to start the desktop app, otherwise we just show a toast.

But I don’t understand how to pass such a parameter through the BrowserCryptoService, which I think is required for this to work. Could you point me in the right direction?

I haven’t looked at the code in a while, but it would seem reasonable to add an argument userInitiated: boolean = false to platformUtilsService.authenticateBiometric, which can get passed along to the biometricCallback. Which can then be handled in browser/main.background.ts at master · bitwarden/browser · GitHub to let the background service know it shouldn’t generate dialogs.