
[FdoSecrets] Serialize auth requests from the same client

Open Aetf opened this issue 3 years ago • 1 comments

Summary

From the discussion https://github.com/keepassxreboot/keepassxc/discussions/8082#discussion-4092557 and https://github.com/keepassxreboot/keepassxc/discussions/8082#discussioncomment-2803635.

Do not show auth prompts for the same client at the same time in parallel. Show them one by one, so that if the user selects "allow for all", later ones can be automatically answered.

One step further is to add a timer with a small timeout per client before showing the first auth prompt, in the hope that the client is likely to request many secrets in a short time, and some timeout can be used to aggregate all requests in a single prompt.

Aetf, May 23 '22 21:05
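A minimal model of the per-client serialization requested above, as an added example (not KeePassXC code and not part of the original issue). It assumes a client is identified by a string key and that "allow for all" settles only the requests already queued for that client; the names `PromptSerializer`, `submit` and `answer` are hypothetical.

```cpp
// Added illustration, not KeePassXC code. All names here are hypothetical.
#include <deque>
#include <map>
#include <string>
#include <vector>

enum class Answer { Deny, Allow, AllowAll };
struct Decision { std::string item; bool granted; };

class PromptSerializer {
public:
    // A client asks for a secret. Returns true if a prompt is shown now,
    // false if the request waits behind that client's visible prompt.
    bool submit(const std::string& client, const std::string& item) {
        auto& q = queues_[client];
        q.push_back(item);
        if (q.size() > 1) return false;
        ++promptsShown_;
        return true;
    }

    // The user answered the visible prompt of `client`. Returns every
    // request settled by that answer, in arrival order.
    std::vector<Decision> answer(const std::string& client, Answer a) {
        std::vector<Decision> done;
        auto it = queues_.find(client);
        if (it == queues_.end()) return done;        // no prompt is open
        auto& q = it->second;                        // never empty while stored
        done.push_back({q.front(), a != Answer::Deny});
        q.pop_front();
        if (a == Answer::AllowAll) {                 // auto-answer the rest
            for (const auto& item : q) done.push_back({item, true});
            q.clear();
        }
        if (q.empty()) queues_.erase(it);
        else ++promptsShown_;                        // next request gets its prompt
        return done;
    }
    int promptsShown() const { return promptsShown_; }
private:
    std::map<std::string, std::deque<std::string>> queues_; // client -> pending
    int promptsShown_ = 0;
};

int main() {  // constructed scenario: one client requests three secrets at once
    PromptSerializer s;
    for (const char* item : {"imap-a", "smtp-a", "imap-b"}) s.submit("mail", item);
    return s.answer("mail", Answer::AllowAll).size() == 3 && s.promptsShown() == 1 ? 0 : 1;
}
```

A `Deny` or plain `Allow` settles only the visible request, so the next queued request for that client still gets its own prompt.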

Another dimension is to serialize requests to the same database. In combination with per application serialization, at most #database dialogs will be shown.

Aetf, Oct 14 '22 00:10

I'm also facing this problem with Evolution — I suspect that this may be the mail client OP is talking about. What's even worse, if you don't answer these prompts fast enough, Evolution times out and seems to remove some internal bit saying that the OAuth session key is in secrets db, effectively forcing me to sign in to all accounts again.

mgorny, Apr 13 '23 04:04