FIDO2 support for macOS and Linux desktop client

That’s a solid acquisition. Bitwarden is preparing for a future of passwordless access. Will be interested to see their passkey support when it’s introduced later this year.

Would like to know this as well. I’d rather only use FIDO2 as a second factor, like it’s possible on the macOS client of 1P for example.

2 Likes

Agree, feature parity in supported clients should always be a high priority; it’s a poor UX to have different behaviors on different platforms. Thanks!

2 Likes

I’d also highly appreciate FIDO2 support on the macOS desktop app. Had to reluctantly divert to a second 2FA method…

Please increase priority on this 🙂

5 Likes

+1 for increased priority on Snap/AppImage versions of Bitwarden Desktop. I am relying on the extension but it’s horrible UX to rely on my browser all the time.

2 Likes

I have recently been trying out NordPass (although I will never move away from Bitwarden because I like it more for many reasons).

Now I use a YubiKey as my FIDO WebAuthn authenticator for NordPass, so no OTP. When I use the desktop app for NordPass, I enter my email and password, it launches a browser with something like OAuth (in the URL, there is “oauth”) and then there is some sort of callback to the desktop app (I think). It’s similar to how FIDO2 WebAuthn authenticators work for the Bitwarden Android app. I am not too technically inclined, so I might be misunderstanding some of the details and terminology, so if anyone can correct me on that, I’d appreciate it.

Anyways, how is it possible that NordPass can do this on macOS but the Bitwarden desktop app can’t? Are they possibly using something other than the Electron framework?

Yes, I would also love this. I thought this was supposed to be fixed years ago? But I also can’t use my YubiKey on the Linux or Mac desktop client.

I really hope the desktop app will support passwordless login with passkeys, ideally with hardware keys. How much is known about the upcoming passkey support?

1 Like

This does not appear to be on the roadmap. Will it be getting any attention in the near term?

Am I correct in assuming that without FIDO2 or U2F that passkey support will likely be impacted for these desktop applications as well?

1 Like

It’s been 3.5 years since this issue was first raised, and it still hasn’t been resolved for Macs. I wonder if Bitwarden has just decided not to compete with 1Password here? Hope it’s worked out soon with passkeys.

1 Like

Evidently, Bitwarden cannot do anything about this until Electron adds support for the WebAuthn protocol on macOS. Despite a flurry of activity in 2022, it seems that the Electron developer community has abandoned attempts to implement this.

Hi @seanchristians - great to see you again!
U2F has largely been surpassed by FIDO2 as the preferred standard, which Bitwarden supports across most client applications. Additional support is planned for the future, but please feel free to review Two-step Login via FIDO2 WebAuthn | Bitwarden Help Center in the interim for the most up-to-date instructions.

I have changed the title of this Feature Request to “FIDO2 support for macOS and Linux desktop client” (was: “U2F Support for additional Bitwarden clients”).

@JaiBitwarden Even though the original feature request from 2020 mentioned U2F in its title, since then, several feature request threads that explicitly request FIDO2 support were merged into this thread to collect all votes in one place. Thus, the votes and comments here should be taken as a request for FIDO2 support, not U2F.

FIDO2/WebAuthn is still not supported on the Bitwarden Desktop client app for macOS or Linux, and I don’t see this happening anytime in the future until the required support is added to Electron.

Can you explain what you are alluding to here?

Sure @grb - I’m referring to what you mentioned regarding platform support. As the platforms evolve in the future, that will open options for additional client support.

Will WebAuthn be supported by the macOS app when passkey support is added?

This is true to the extent that Electron’s native FIDO2 code only works on Windows at the moment, so it is not possible to re-use this on Mac and Linux until Electron adds support.

On the other hand there are 2 approaches that do work.

  1. The mobile clients use a browser “connector” where the client calls this site, the FIDO2 part is done in the browser site, and then a callback to “bitwarden://webauthn-callback” is done.
  2. The desktop clients use Rust native modules already. Since there are Rust libraries wrapping libfido2 or even implementing FIDO2 natively, these could be used to provide support.

I created a Pull-request just now using the first approach:

I only tested on Linux, but it should also work on Mac.

3 Likes
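The browser-connector approach in the post above returns the WebAuthn result to the desktop app through a `bitwarden://webauthn-callback` URL, so the app has to decide which incoming URLs it trusts. As an added example (not code from the pull request or from Bitwarden), this handler accepts a callback only once and only for a login attempt the app itself started. The `state` and `data` query parameters, the base64url-encoded JSON payload and the two-minute lifetime are assumptions made for the example.

```javascript
// Added example. "state" and "data" are hypothetical parameter names.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;
const MAX_AGE_MS = 2 * 60 * 1000; // assumed lifetime of one login attempt

class WebAuthnCallbackGuard {
  constructor(now = () => Date.now()) {
    this.now = now; // injectable clock so expiry can be exercised
    this.pending = new Map(); // state -> expiry (ms since epoch)
  }

  // Call before opening the browser connector; send the state with the request.
  begin() {
    const bytes = rng.getRandomValues(new Uint8Array(32));
    const state = Buffer.from(bytes).toString("base64url");
    this.pending.set(state, this.now() + MAX_AGE_MS);
    return state;
  }

  // Call when the OS delivers a custom-scheme URL to the app.
  complete(rawUrl) {
    let url;
    try {
      url = new URL(rawUrl);
    } catch {
      return { ok: false, reason: "unparseable" };
    }
    if (url.protocol !== "bitwarden:" || url.hostname !== "webauthn-callback") {
      return { ok: false, reason: "unexpected-target" };
    }
    const state = url.searchParams.get("state") ?? "";
    const expiry = this.pending.get(state);
    this.pending.delete(state); // single use, even if a later check fails
    if (expiry === undefined) return { ok: false, reason: "unknown-state" };
    if (this.now() > expiry) return { ok: false, reason: "expired" };
    try {
      const raw = url.searchParams.get("data") ?? "";
      const json = Buffer.from(raw, "base64url").toString("utf8");
      return { ok: true, assertion: JSON.parse(json) };
    } catch {
      return { ok: false, reason: "bad-data" };
    }
  }
}
```

The returned assertion is still untrusted input at this point: the server verifies the WebAuthn signature, and this check only ties the callback to a pending request.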

Any updates on this? It’s 2023 and I still can’t log into the Linux desktop app with my YubiKey.

Check the linked GitHub pull-request in my comment above. That’s the most up-to-date status on the topic. If you can build the desktop app yourself, you can have this functionality today, if not you will have to wait for Bitwarden to review, test and merge the PR.

bump

While I think I probably can build it myself, I would have to track updates and rebuild as needed. I don’t have that much extra time. So I figure bumping the thread may help merge the PR into the official build.

I also suspect this may impact passkey on these clients as well. I think it should have some similarities.

1 Like