Biometric unlock browser extension feature, multiple browsers?


I've been using the new Biometric unlock feature recently, which is excellent, but I have a question. I've been unable to enable this feature in additional browsers after setting up this feature in my default browser first. Is this a built-in restriction or a restriction of the API used? Whatever the cause, I’d really like to use this feature in all my browsers on my Win 10 PC, as I use multiple browsers for assorted reasons. I’m not a developer myself, but would think this can’t be an intended restriction in the API, could it?

If anyone reading this has been able to do what I've not, please do fill in what I’m missing??

Thanks

Bitwarden biometric feature supports multiple browsers, but it works by creating a special “native-messaging” file in the browser-specific location.

On Windows Bitwarden 1.25.1, Bitwarden adds 2 registries:

So,

  • If the Chromium browser shares the ...\\Google\\Chrome\\... location, they may also work (I think this is the case for Vivaldi, Brave, etc., but need to make sure).

  • If the Chromium browser uses a unique location (not too sure if any do), this means support for the feature doesn’t exist on those browsers.

  • For Firefox, the feature is only supported on new v87, which came out today.

You may want to list out which browsers are working vs. not working to get better support.

You can also see some other limitations at Unlock with Biometrics | Bitwarden Help & Support, quoted below:

Supportability

Unlock with Biometrics is supported for Extensions on Chromium-based browsers (Chrome, Edge, Opera, Brave, etc.). Unlock with Biometrics is currently not supported for:

  • Safari
  • Firefox (there’s a required up-stream enhancement to make nativeMessaging optional, documented here).
  • Microsoft App Store Desktop Apps (a side-loaded Windows Desktop App, available at bitwarden.com/download will work fine).
  • Side-loaded MacOS Desktop Apps (an App Store Desktop app will work fine).

OK, it works in Brave Browser but not in my Edge Chromium browsers; I just get this error:
[Screenshot 2021-03-24 115959]
So it's only running in my Brave browsers. Also, I just tested my other Brave editions, Dev and Nightly, and unlock with Bio does work in those, which I didn't realise. So obviously Edge hasn't got the Reg Keys mentioned above. Can you tell me what keys to add manually in the Edge Reg Path??

You may just want to wait until Bitwarden adds the necessary code for writing the registry key to support Edge on Windows, though this may take some time as it will require a pull request and a new Bitwarden Desktop release.

The code change should be relatively simple by adding another line in GitHub part I previously linked. Maybe something like

                this.createWindowsRegistry('HKCU\\SOFTWARE\\Microsoft\\Edge', 'HKCU\\SOFTWARE\\Microsoft\\Edge\\NativeMessagingHosts\\com.8bit.bitwarden', path.join(destination, 'chrome.json'));

If you want to try manually adding the registry key, the Edge documentation is Native Messaging - Microsoft Edge Development | Microsoft Docs

The shell sections need to be modified for Bitwarden and run in command prompt.
I haven’t tried it myself, so you may want to wait for someone else to chime in here. Some notes:

  • Based on above docs, I think the registry key would be: HKCU\Software\Microsoft\Edge\NativeMessagingHosts\com.8bit.bitwarden
  • The JSON should be same one from Chrome and should already exist somewhere on your machine. One possible location could be: %AppData%\Bitwarden\browsers\chrome.json

Probably need further tests on this, as the main developer for this feature said that Edge should fall back to the Chrome registry. See GitHub 757:

On Windows the Computer\HKEY_CURRENT_USER\SOFTWARE\Google\Chrome registry directory seems to always exist even on a fresh install without Chrome. Since Edge seems to fallback to this path things should work fine on Windows.
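
A read-only PowerShell check for the registration discussed above, added here as an example (not Bitwarden's code and not part of any post): it reads the Chrome and Edge `NativeMessagingHosts` keys for `com.8bit.bitwarden`, follows each to its manifest, and checks the `path` and `allowed_origins` fields of the standard native-messaging manifest format. `$ExtensionId` is a placeholder to replace with the ID shown on the browser's extensions page, and the function name is hypothetical.

```powershell
# Added diagnostic (read-only): shows where the native messaging host is
# registered for the current user and whether each manifest is usable.
$HostName    = 'com.8bit.bitwarden'   # host name quoted in the thread
# Placeholder (assumption): copy the real ID from the browser's extensions page.
# An extension installed from a different store can have a different ID.
$ExtensionId = '<extension-id-from-extensions-page>'

$Browsers = [ordered]@{
    Chrome = 'HKCU:\Software\Google\Chrome\NativeMessagingHosts'
    Edge   = 'HKCU:\Software\Microsoft\Edge\NativeMessagingHosts'
}

function Test-NativeHost {   # hypothetical helper name
    param([string]$Browser, [string]$Root, [string]$Name, [string]$Id)

    $result = [ordered]@{ Browser = $Browser; KeyPresent = $false; Manifest = $null
                          ManifestExists = $false; HostExeExists = $false; OriginAllowed = $false }
    $key = Join-Path $Root $Name
    if (-not (Test-Path -LiteralPath $key)) { return [pscustomobject]$result }
    $result.KeyPresent = $true

    # The key's default value holds the full path to the manifest JSON.
    $manifestPath = (Get-Item -LiteralPath $key).GetValue('')
    $result.Manifest = $manifestPath
    if (-not $manifestPath -or -not (Test-Path -LiteralPath $manifestPath)) {
        return [pscustomobject]$result
    }
    $result.ManifestExists = $true

    $manifest = Get-Content -LiteralPath $manifestPath -Raw | ConvertFrom-Json
    # On Windows, "path" may be relative to the manifest's own directory.
    $exe = $manifest.path
    if ($exe -and -not [IO.Path]::IsPathRooted($exe)) {
        $exe = Join-Path (Split-Path -Parent $manifestPath) $exe
    }
    $result.HostExeExists = [bool]($exe -and (Test-Path -LiteralPath $exe))
    # The browser refuses the connection unless the calling extension is listed.
    $result.OriginAllowed = @($manifest.allowed_origins) -contains "chrome-extension://$Id/"
    return [pscustomobject]$result
}

$Browsers.GetEnumerator() | ForEach-Object {
    Test-NativeHost -Browser $_.Key -Root $_.Value -Name $HostName -Id $ExtensionId
} | Format-Table -AutoSize
```

A row with `KeyPresent` true but `OriginAllowed` false means the registry side is fine and the manifest does not list that browser's copy of the extension.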

Yeah, I managed to figure that part out from your Chrome reg reply, but it seems it’s still not working?? Also, don’t know if this makes a difference, but the BitWarden Extension in Brave is from the MS Store, not the Google web store??

But I've mirrored the key as above but still get the error?

I've just tried updating Bitwarden Desktop from the latest rls on GitHub, the one with Edge support in its rls notes, but still seeing the error it’s not enabled on the desktop app from the Edge extension.

Question, just had a thought: it may be because I’m running Microsoft Defender Application Guard for Edge and protected apps. So, if Edge is running in an isolated process from App Guard, then maybe that is why it can’t talk to the desktop app. I'll test on Edge on a VM to test my theory, but it does make sense, although I’m not familiar with how it treats extensions' access to the desktop. I do have App Guard set to allow clipboard, printing, GPU & saving of files??

Did some deeper investigation using Extension Dev mode. It seems my Extension is set up OK, but something is blocking WSS from Edge but not from Brave?? The path is identical and paths look OK, so I just need to work out what exactly is preventing WSS from Edge only??

Hmmm… can’t reach this page

It looks like the webpage at wss://notifications.bitwarden.com/hub?access_token= might be having issues or it may have moved permanently to a new web address.
ERR_DISALLOWED_URL_SCHEME


Strange??

That is possible. I’m not familiar with the behavior of Application Guard: Microsoft Edge and Microsoft Defender Application Guard | Microsoft Docs

Maybe someone else who uses Application Guard can chime in.

It might be worth checking that Edge with this disabled works. This will help narrow down the possible reason.

Def not App Guard, as it's not in my isolated network boundary. It's WSS for sure, just no idea what, as Brave works fine and Edge has no extra restrictions on it other than the in-app security features, but even those I've disabled fully and still Edge is not allowing WSS for the ext API. I’ve never liked WSS to start with, so until it's fixed from other similar issues I'll just skip to revert to pins.

But no idea why it's only related to Edge Chrome and multiple editions of Edge, then Brave WSS connects fine on the Chromium engine, and I'm certain it's not related to those native messaging hosts reg values I previously looked into?

Anyway, I'll keep retrying when updates install or I get a response elsewhere to chase down?

Thanks for your replies anyway.