Launching a login for a specific website is linked to another website login

Here is a better screenshot with personal information blocked.

When you click “Edit” for a login item, you should find the gear icon (on the right, next to a URI):

That is not exactly what I asked for, but it may help us get to the correct place. Please click on Edit in the options menu:

 

You should now see a page with the title Edit Login. Scroll down until you see a section with the header “Autofill Options”, where you will see the website address(es) that have been stored for this login — and that is where you should be looking for the gear icon:

 

This behavior, together with your inability to see the gear icon, suggests to me that the installation of your Bitwarden Safari extension may be significantly corrupted. You should probably uninstall/remove the browser extension from Safari, then delete the extension’s data folder ~/Library/Safari/Databases. Then reinstall.

Yes, I now see the gear icon you mention. What is the purpose of the gear?

I see the gear icon you mention.

This is getting over my head. I don’t know what to delete in ~/Library/Safari/Databases. I am afraid I will delete something I should not and make matters worse.

Clicking the gear will toggle the visibility of the “Match detection” option. This is a setting that may need to be adjusted to fix your problem.

OK, that’s fine, we can continue troubleshooting in Chrome (since the issue is evidently reproducible there, as well).

I have asked you several times to share the actual web addresses that you have stored for “Website A” and “Website B” (i.e., the exact contents of the “Website (URI)” field in the Edit Login page). Is this something that you are able to share, or not?

If yes, then it would also help if you can take screenshots of both login items (for both “Website A” and “Website B”), showing only the full contents of the “Autofill options” sections on the Edit Login page for each vault item.

Website A is my medicare health care provider and website B is a grocery store. These screenshots are from the Bitwarden desktop app. I clicked on the gear next to the URI. I can only post one image at a time due to an error message received (I am a new user). I’ll post the second screenshot in a following post.

Here is the second screenshot.

Have I provided you what you requested? Thank you for obscuring the personal info. My app doesn’t have a masking feature like some do.

Here is a screenshot (website A) of the Bitwarden Chrome extension, showing the autofill options using the gear icon.

Here is a screenshot (website B) of the Bitwarden Chrome extension, showing the autofill options using the gear icon.

That was one of the other mods here — I didn’t see it in time.

Yes, and thank you, that was exactly what I needed!

The good news is that I can reproduce what you are seeing (Sprout credentials being autofilled on the Alignment Health Plan login form).

The bad news is that I am unfortunately very busy today and tomorrow, so it may take me a while to diagnose the problem and determine whether this is an issue that can be fixed by clever configuration of the browser extension settings (in which case I will give you instructions), or whether you have in fact discovered a true software bug (in which case I will file a bug report for the developers).

Perhaps one of the other mods will beat me to the punch again; otherwise, please be patient and stay tuned for my follow-up post.


@jcubed59 That was me. No big thing – when I see it, I do it for everyone. (PS: I added a comment to the edit, as always – I think it should be visible there who it was.)

Actually, I don’t think it’s that complicated.

I’m based in :european_union: and can’t access Sprout. But Alignment Health Plan I can access.

Here is my summary:

  • when I access “Member Login” on the Alignment Health Plan site, I land on this URL:

  • so, its base domain is b2clogin.com

  • the base domain for Sprout is also b2clogin.com

  • your @jcubed59 default match detection setting is “Base domain”

  • conclusion: autofill works as expected (however questionable this is for all sites that work on b2clogin.com) – if you want to solve this… and here you can use the gear icon…: set the URIs in both login items to e.g. “Host” as match detection

    • → the setting “Host” leads to autofill suggestions only on the “full domain”, so to speak – so e.g. only on sproutscustomerid.b2clogin.com – while “Base domain” fills on all b2clogin.com base domains

Disclaimer: all based on the assumption that you both don’t “land” on another URL on that Members Login site (outside of the :european_union:) and/or something else might also be going on…

PS: More on the URI match detection settings is in the link @DenBesten provided before – repeated here: Forming URIs for Autofill | Bitwarden

@jcubed59 Yes, @Nail1684 has it basically right. The solution to your problem is provided at the end of this comment. But first, an explanation…

Launching your Alignment Health Plan website goes to the stored web address (https://members.alignmenthealthplan.com/), which then immediately redirects to a login page that looks like the following (the random characters at the end will be different each time):

https://ahcusamemberprd.b2clogin.com/ahcusamemberprd.onmicrosoft.com/b2c_1_token/oauth2/v2.0/authorize?client_id=1fc70862-cfc0-4348-a13d-66f0cbbbc21b&scope=https%3A%2F%2Fahcusamemberprd.onmicrosoft.com%2Fmemberxp-webapi%2Fmember.read%20https%3A%2F%2Fahcusamemberprd.onmicrosoft.com%2Fmemberxp-webapi%2Fmember.write%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fmembers.alignmenthealthplan.com&client-request-id=019c32af-b018-7ac4-8cfa-b311109c8090&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.26.1&client_info=1&code_challenge=6RtYt0xiB-5PEq0ft_kKWlOxhHXePeSzUPavsOFdNg0&code_challenge_method=S256&nonce=019c32af-b019-7cef-b8c7-20896251f722&state=eyJpZCI6IjAxOWMzMmFmLWIwMTktN2MxZi1iNzExLTdjNjlhOWZhYTgyOSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D

Because the new domain (ahcusamemberprd.b2clogin.com) is not stored as a Website in your Alignment Health Plan login item in Bitwarden, the browser extension does not recognize that your Alignment Health Plan account credentials should be autofilled here.

Complicating matters is that the Sprout login item is for a web address that looks something like the following (again, the random characters at the end will be different each time):

https://sproutscustomerid.b2clogin.com/sproutscustomerid.onmicrosoft.com/B2C_1A_SIGNUP_SIGNINV2/oauth2/v2.0/authorize?response_type=code&client_id=cc039dcc-48fd-46cb-9fe3-b5ad3bb27c4f&scope=openid+profile+email&state=sr_ksQQODh5-Wqnz9hqPM6DtBFnG88AAAGcL_ZWhQ&redirect_uri=https%3A%2F%2Fshop.sprouts.com%2Frest%2Fsso%2Fauth%2Fsprouts%2Fcallback&code_challenge_method=S256&code_challenge=gvVEkpG9fsIoKRjiewySXoKXT1a70_7ERNYkKv4OFIY

As pointed out by @Nail1684, the base domain of this web address (sproutscustomerid.b2clogin.com) is b2clogin.com — which matches the base domain of the Alignment Health Plan login page (also b2clogin.com)!

Therefore, because your match detection method (seen with the gear icon in the Edit Login view) has been set to “Default”, and because your default match detection method is “Base Domain” (which you can see if you open Settings > Autofill in the browser extension, and scroll down to the very bottom), the Bitwarden browser extension is tricked into thinking that your Sprout login credentials are actually for an account on the Alignment Health Plan website (thus autofilling the wrong credentials).

 


Solution to the Problem: :confetti_ball:

1. Stop Sprout Credentials Autofilling Alignment Health Login

Enter the Edit Login page for your Sprout login item in Bitwarden, click the gear icon next to the Website, and change the match detection selection from “Default” to “Host”. Don’t forget to Save.

2. Allow Alignment Health Credentials to Autofill

Enter the Edit Login page for your Alignment Health Plan login item in Bitwarden, click :plus: Add website, and enter the following in the blank “Website (URI)” field:

https://ahcusamemberprd.b2clogin.com

Next, click the gear icon for the ahcusamemberprd.b2clogin.com website, and change the match detection selection from “Default” to “Host”. Don’t forget to Save.

 

This should take care of your problem. If it doesn’t, please let us know.

Ha, I just came here to add that autofill on “Alignment Health Plan” would also need an adjustment on the stored URI(s)… :+1:

Just to explain the likely scenario at a higher flight-level…

Both the grocery store and the health provider use Microsoft Azure for their logins. If you pay close attention when logging into either website, you will notice that the URL temporarily changes to a Microsoft Azure web page (*.b2clogin.com) when you are at either login page.

When you created the grocery store login, you did so while on the b2clogin page, so that login is offered whenever you return to any of the b2clogin pages.

However, when you created the health provider login, you did so after having logged in, so it got associated with the members page, instead of the b2clogin page, which is why it is not being offered as an option while logging in.

Had you created both logins while still on the login page, you would have been offered a choice of both logins when logging into either site. Although this would work, it is not ideal.

The solution @Nail1684 offered (by setting match detection to “host”) causes the grocery store login to only be offered when on the grocery store’s b2clogin page, instead of all b2clogin pages.

And then, @grb expanded upon that by adding the health provider’s b2clogin page as a second URL on its vault entry (again with “host”) so that the health password will be offered as an option when on the health provider’s b2clogin page.

This fine-tuning of URLs to closely match the login webpage is one of the huge tricks for making auto-fill useful. Two tricks for making this easier:

  1. Get in the habit of creating Bitwarden logins while on the login page, but before actually logging in.
  2. When logins appear in the wrong place, try changing match detection on the one you do not want to see from “default (domain)” to “host”.
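
The matching behaviour discussed in this thread, as an added example (not code from the thread and not Bitwarden's implementation). It models “Base domain” and “Host” matching in simplified form and shows which login is offered on each b2clogin.com page before and after the fix; the `baseDomain` shortcut, the function names, and the Sprout item's stored URI are assumptions.

```javascript
// Added illustration; simplified model, not Bitwarden's code.

// Assumption: the base domain is the last two labels of the hostname.
// Real implementations consult the Public Suffix List (e.g. for co.uk).
function baseDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Does a stored URI match the page under the given match detection mode?
function matches(storedUri, pageUrl, mode) {
  const stored = new URL(storedUri);
  const page = new URL(pageUrl);
  if (mode === "host") {
    return stored.host === page.host; // hostname plus any non-default port
  }
  if (mode === "baseDomain") {
    return baseDomain(stored.hostname) === baseDomain(page.hostname);
  }
  throw new Error(`unsupported mode: ${mode}`);
}

// Names of vault items that would be offered for autofill on pageUrl.
function offeredLogins(vault, pageUrl) {
  return vault
    .filter((item) => item.uris.some((u) => matches(u.uri, pageUrl, u.mode)))
    .map((item) => item.name);
}

// Login pages from the thread, query strings omitted.
const ALIGNMENT_LOGIN = "https://ahcusamemberprd.b2clogin.com/ahcusamemberprd.onmicrosoft.com/b2c_1_token/oauth2/v2.0/authorize";
const SPROUT_LOGIN = "https://sproutscustomerid.b2clogin.com/sproutscustomerid.onmicrosoft.com/B2C_1A_SIGNUP_SIGNINV2/oauth2/v2.0/authorize";

// Vault as first reported: both items on the default "Base domain" mode.
const vaultBefore = [
  { name: "Alignment Health Plan", uris: [{ uri: "https://members.alignmenthealthplan.com/", mode: "baseDomain" }] },
  { name: "Sprout", uris: [{ uri: "https://sproutscustomerid.b2clogin.com", mode: "baseDomain" }] }, // constructed URI
];

// Vault after the fix: Sprout on "Host", Alignment gains its b2clogin.com host.
const vaultAfter = [
  { name: "Alignment Health Plan", uris: [
    { uri: "https://members.alignmenthealthplan.com/", mode: "baseDomain" },
    { uri: "https://ahcusamemberprd.b2clogin.com", mode: "host" },
  ] },
  { name: "Sprout", uris: [{ uri: "https://sproutscustomerid.b2clogin.com", mode: "host" }] },
];

console.log("before:", offeredLogins(vaultBefore, ALIGNMENT_LOGIN));
console.log("after: ", offeredLogins(vaultAfter, ALIGNMENT_LOGIN));
```
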

@grb and @Nail1684 I followed your suggested problem resolution and the resolution works as expected. I actually understand your explanation of the problem and the resolution. Thank you for your assistance, time, effort, expertise, and resolution!
