Passkey on android for X.com (twitter)

candies123 · November 12, 2024, 6:30am

Hi all,
I am trying to create a passkey for X.com (twitter) on android (google pixel 6 pro) with android 15. The workflow just fails when BW asks for which account to save the passkey in. Attaching screenshots of the flow. See the toast on the last screenshot. Any help would be appreciated!

[Album] imgur.com

Nail1684 · November 12, 2024, 1:30pm

@candies123 Hi!

It seems, “X” only allows “their” passkeys being created on iOS or Android devices - and not in third-party passkey managers etc. See here: https://help.x.com/en/managing-your-account/how-to-use-passkey

candiesdoodle1 · November 12, 2024, 2:16pm

Hi, thanks. I have read that page. Which part of the page are you referring to?
No where does it say that passkeys cannot be stored on bitwarden. It gives the example of passkey sync across devises on iOS using iCloud keychain. It should be similar on Android using bitwarden.

Nail1684 · November 12, 2024, 2:21pm

@candiesdoodle1

FAQ:

And iCloud KeyChain is deeply ingrained in the iOS system - similar to the Google Password Manager on Android. So that is different than third-party passkey managers.

If X allowed storage in Bitwarden (or any other third-party passkey manager), then it wouldn’t make much sense to write, it is only possible on Android and iOS (because then why not desktop? why not Windows Hello e.g.?).

candiesdoodle1 · November 12, 2024, 2:32pm

I understand what you are trying to say - that X doesn’t allow storing passkeys on third party password managers. But X doesn’t know that there is a third party password manager. The implementation of BW is such that it intercepts the webauthn requests because it is the default passkey handler. X doesn’t know this.
On desktop, X doesn’t allow passkeys because it knows it’s on a desktop, not because there could be a third party password manager. Note, many websites and apps provide passkey capability on desktop using native windows authentication (like windows hello)

Nail1684 · November 12, 2024, 2:36pm

If it is written like that, it means “the system” Android/iOS (and their primary or “platform” password/passkey managers). It doesn’t mean “every password manager on this system also works”.

PS: So, to be clear: that is a restriction, “X” implemented, for whatever reason. It is not a Bitwarden problem.

Nail1684 · November 12, 2024, 2:38pm

E.g. there is the AAGUID (that might get checked here during the “registration ceremony” - and restricting it), which obviously is different for “Bitwarden” than for “Android” (and Google Password Manager) or “iOS” (and iCloud KeyChain).