So im just testing atm but iv entered the “authenticator key” TOTP for a site into bitwarden but i can’t for the life of me see how to get it to generate the code? It logs into the first part of the site but when it asks for the TOTP all i can get is the password pasted into the OTP input box. Iv checked my clipboard, nothing there, i cant see any buttons to copy TOTP or anything like that. What am i missing or doing wrong, thx.
The only way to get TOTP copied to your clipboard is filling the login form (username + password) by clicking the item in the browser popup (not with the keyboard shortcut, nor with auto fill).
If you filled the form with one of the two not working methods, you have to :
- go to the popup
- click the “view item button” (not the whole line as it will try to auto fill)
- click the copy button next to the TOTP code
- paste it to the page
Quite a hassle to me but according to @kspearrin we can’t do better due to restrictions on the browser extension API.
Thx but i found out why, I gave up looking at it last night and went on to looking at other things. I was looking over what you get for a premium account and i found the answer :-/ , why have the input field active (or even visible) for TOTP if you don’t have a premium account as it gives the impression that you are supposed to use it.
Your comment is a bit strange (i know its just what you have been told) but if the FF addon API can generate the OPT then it can generate it. I dont understand “it can generate it by pressing X button but not Y button (or action)”
Its all academic anyhow as i wouldn’t use OTP in the same PW manager but i was just testing. Thx for the info though.
we can’t do better due to restrictions on the browser extension API
But 1PasswordX can handle TOTP just fine, once it logs you in it pastes the TOTP code right in on the next screen.
If I’m not mistaken (I’ve not developed browser extensions recently) :
- When you use a shortcut in the web view, it’s caught by the background script.
- When you do an action in the popup, it’s caught by another (different) script.
The background script doesn’t have access to the clipboard, the other does.
@kspearrin, I have a proposal : when pressing the keyboard shortcut, the extension should :
- Check wheter the page has a username + password field, if so fill them
then check whether the page has a TOTP field, and then fill it
That would solve the problem of filling the TOTP field whether it’s on the same page or not. Has this been tried yet ?
Otherwise, it would be interesting to try and reverse engineer how 1Password works ?
This is the problem. How do we accurately detect a TOTP field?
but do you need to check if a page has a OTP, just check if the BW login info for that page has a TOTP field filled with a key. Then at least put the generated key into the clipboard (or try and fill if pos)
Basically , id say if the BW login for a specific site does have a valid TOTP then there should be a way to easily “grab” the generated key (at any time really).
Maybe next to the button “copy password” there could be another button (if there is a valid TOTP filled in) to “copy TOTP generated key”
If you already do this then just ignore me, i have not yet paid (i will do) but i have not yet seen exactly how it is supposed to work.
We already do this if the browser allows.
The funny part is that Bitwarden uses the same code that 1Password uses to fill the username and password, they even do the same animations. But I think 1PasswordX doing the autofill of the TOTP is quite new so it’s a good chance Bitwarden might copy it too.