New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KeePassXC Passkey Integration #8126
Comments
Hmm, how would this work? I think currently the userscript is invoked by a user to fill in fields on a page, but with passkey (which as I understand it is the same as webauthn in this context? See also the other, closed, qute issues about FIDO2) the auth request is initiated by the browser? With Qt 6.7 QtWebEngine is supposed to have an event it can send us to let us handle a webauthn auth request (mentioned here), so we would have to handle that and call the userscript somehow? Assuming we want to keep it as a userscript, which ideally the core browser knows nothing about, I guess that would look like adding a new config variable where you can configure an external webauthn ( |
i think webauthn support must be directly managed by the browser. in theory, keepassxc should be configured to show up as a webauthn device (i don't use keepassxc;this is just a general comment, as it's how 1Password works, which i've used for work). |
I don't know how this works at all. KeePassXC has a browser extension that, when Passkey support is enabled, the user gets a popup from KeePassXC. If they decline, it will go back to the system one. I don't know how their extension is stepping in front of the system one. On something like Windows, qutebrowser could open the normal biometrics popup, with some way to use KeePassXC or any other password manager instead, and fall back to the system one if declined. Ideally, it should be possible to configure some other program to use instead of the system dialogue, but right now I guess it's some weird extension that can intercept the system one, or something. Now this is just speculation from an idiot, but if it's an extension, maybe it can be done with a greasemonkey script? It would run on every website. |
Okay, so keepass has a browser extension, I see. Oh it looks like it does just intercept JS events! https://github.com/keepassxreboot/keepassxc-browser/blob/0934446d9d375488f166d008188af5bb52af9948/keepassxc-browser/content/passkeys.js#L149 Anyhow, since qtwebengine has (or soon will have) an API hook for this it would probably be better for us to use that than trying to bridge js <-> native apps securely. I suppose my comment above does pretty much describe that, so there is a few implementation details to work out. |
Now that KeePassXC 2.7.7 released with Passkey support, it would be nice if the qute-keepassxc userscript could support it.
The text was updated successfully, but these errors were encountered: