Work with Basic Auth

moucho · April 2, 2018, 4:12pm

Could be possible to autocomplete on Basic Auth screens?

When a website is protected with basic auth, a form pops up asking for an user and a password, before any content is shown.

In Firefox, I used this when using LastPass, so I guess it’s possible implement it, but I don’t know if it’s hard or worth it if it’s not common and not too many people use it.

Crocmagnon · April 3, 2018, 5:34am

This feature is already implemented, please see this GitHub issue (116) and especially this comment.

kspearrin:

I have created a solution for this in the next release using the web extension APIs that are available.

If you encounter a basic auth prompt and there is 1 login in your vault matching the given website, bitwarden will log you in automatically. You will never see the login prompt.

If bitwarden tries to perform the login from step 1 and the login credentials fail, you see the login prompt.

If there is no login in your vault for the given website, you see the login prompt.

Here’s the unfortunate one for now: If there is more than 1 login in your vault for the given website, you see the login prompt. I can’t know which login you want to use in this scenario. If we made the decision for you (ex. choosing the last used login), you would never be able to log in using any of the others since logging in happens automatically with these APIs. We cannot auto-login for you in this situation without the side effect of blocking you from using and others stored for the website.

It’s not the best solution, but it’s the only one I can see available at the moment.

moucho · April 3, 2018, 11:30am

Sorry, my bad.
I didn’t know it was already implemented, I assumed it was not as it was not login in and nothing was shown on Firefox related to bitwarden.

Thanks for the explanation, I will set it up right so it will work leaving only one login for that website.

Crocmagnon · April 4, 2018, 7:11am

No problem

Szymon_Sokol · January 23, 2019, 5:54pm

I just wrote that it still doesn’t work. Well, I was wrong. It works, but you must be careful about site matching rules. Since default matching is “base domain”, entries http://a.mydomain.org and http://b.mydomain.org are both considered match for any of these two sites (and for any other site in mydomain), preventing basic auth from being done automatically.