Single Login on Local Device

13r0ck · August 1, 2020, 10:42pm

Feature name:

Feature Description

Currently if bw-desktop and bw-browser are installed on a computer, using both requires entering the master password twice, once in the browser and once in the desktop app. I am looking for a way to share the vault between the multiple installed instances, so that it is possible to login once, and have browser + desktop both unlock.

I can look into developing this myself, just looking for some pointers/ ideas for how to implement it best.
My current thinking was create an api call that allows for browser/desktop to see if the other has a decryptedCipherCache. Then at the login screen make the api call, if false then the user is logged in on neither, continue as usual.
If true, then using a pre-shared key to encrypt the CipherCache, transfer the Cache locally from the logged in browser/desktop to the one at the login screen.

I have only looked at the code in brief at this point, I am not sure if it would be possible to create a “two-headed snake” approach where the browser/desktop are just UI’s for the same vault?

I am looking for any suggestions. Thanks!
@kspearrin @tgreer

Clients / Repos Affected:

Browser
CLI (maybe?)
Desktop

Timeline to completion (estimate):

No idea

cscharf · August 2, 2020, 2:04am

We will need to look into something like this anyway as we go to integrate biometric unlock into the browser extension. Not sure about the 2-headed-snake approach or shared vault, having them both independent has tons of merit, however creating a connection, generally a 1-way (browser -> desktop) could allow some cross-talk, callbacks, and shared master key (once unlocked from desktop initiated from the browser, etc.) So something “similar” to this is on the radar.