KeePassium icon indicating copy to clipboard operation
KeePassium copied to clipboard
verified publisher icon keepassium

Scanning QR code for OTP is broken on macOS

Open vit9696 opened this issue 11 months ago • 1 comments

Description On iOS it is possible to scan a QR code to setup OTP, but on macOS the entry is greyed out (disabled).

How to reproduce Steps to reproduce the behavior:

  1. Go to any entry.
  2. Start editing it.
  3. Click on setting up OTP.
  4. See 'Scan QR code' entry is greyed out.

Expected behavior Scanning QR code should be allowed just like on iOS version. I am also pretty sure it worked before in DEV builds.

Screenshots Screenshot 2025-01-11 at 17 46 44

Environment:

  • Device: Intel Mac using my iPhone as a camera
  • OS: macOS 14.7.2
  • App Version: 2.2.162 MAS

Additional context You can use your iPhone as a webcam on macOS (see this support article). This makes it reasonably convenient to scan OTP QR codes on screen.

vit9696 avatar Jan 11 '25 14:01 vit9696

This one has a bit of background.

Indeed, it used to be enabled — not sure if actually worked — in v1.53 and earlier. But then v1.54 needed iOS 18 SDK, which mandated upgrading to Xcode 16. For reasons that still remain mystery to me, Xcode 16 refused to compile yubikit-ios for Intel Mac target, with some very odd errors. After hours of googling and tinkering, I could not fix compilation and ended up removing Yubikit from MacCatalyst build altogether. QR scanner was part of Yubikit, so it went out as a side effect.

Ironically, Apple reviewers then gave me a hard time about 1) unused Camera entitlement, and then 2) disabled "Scan QR code" menu. The QR menu item was removed completely in 2.2.161, I'm not sure why you still see it in 2.2.162 :)

Ok, now back to the present day.

I don't quite see the point of resurrecting the QR scan option for a Mac.

QR-based setup makes most sense when the web service and the password manager are on different devices (e.g. KeePassium on iPhone, QR code on a Mac). But when the password manager is on a Mac, your OTP setup page is almost guaranteed to be on the very same Mac. And then one has a choice:

  • Set up iPhone as a webcam in order to scan the QR code from Mac screen into the same Mac, or
  • Click "Cannot scan the code" and copy-paste the OTP secret to the app (sometimes won't even have to click).

To me, the latter sounds much more usable/simple…

keepassium avatar Jan 13 '25 19:01 keepassium