keepassxc-browser
keepassxc-browser copied to clipboard
KeepassXC passkey integration has less precedence, than browser internal one
Expected Behavior
Keepass plugin should have a precedence over browser internal passkey mechanisms. When site asks for passkey on its loading, keepass should catch it first, and then fallback to browser in case of missed credentials.
Current Behavior
Internal browser passkey mechanisms have precedence, if page asks for passkey immediately after load: only after browser popup closed, and passkey request reinitiated (without page reload), keepass can do its thing.
On some sites "try again" link reloads the page, making keepass passkeys inaccessible, since it in this case it never has a chance. For example: microsoft.com.
Possible Solution
If it is possible, keepass browser plugin should initialize its mechanisms earlier, to take precedence over browser.
Steps to Reproduce (for bugs)
- try to add passkey to microsoft.com account (https://account.live.com/proofs/Manage/additional -> Add a new way to sign in or verify -> Face, fingerprint, PIN, or security key);
- fail to add it, since keepass cant ask for passkey: passkey adding page opens, browser opens QR-code window, and on popup close page redirects to an error. No way to "try again" without page reloading.
Debug info
KeePassXC - 2.7.9 (flatpak) KeePassXC-Browser - 1.9.3 Operating system: Linux x86_64 Browser: Chrome/Chromium 128.0.0.0 (flatpak ungoogled chromium)