ungoogled-chromium
ungoogled-chromium copied to clipboard
ungoogled-software
Incomplete Passkey integration regarding the macOS iCloud keychain
OS/Platform
macOS
Installed
https://ungoogled-software.github.io/ungoogled-chromium-binaries/
Version
118.0.5993.117
Have you tested that this is not an upstream issue or an issue with your configuration?
- [X] I have tried reproducing this issue in Chrome and it could not be reproduced there
- [ ] I have tried reproducing this issue in vanilla Chromium and it could not be reproduced there
- [ ] I have tried reproducing this issue in ungoogled-chromium with a new and empty profile using
--user-data-dircommand line argument and it could not be reproduced there
Description
iCloud keychain Passkey integration does not work
How to Reproduce?
- Visit https://www.passkeys.io/ and make sure you have a passkey for it saved inside your keychain (the best way I know of is using Safari and creating an identity there)
- Click Sign in with a passkey and observe the modal
Actual behaviour
You always get prompted to "Use a passkey from another device"
Expected behaviour
The modal includes ready-to-use credentials from your iCloud keychain
Relevant log output
No response
Additional context
I believe Chromium would first need to request permission, just like Chrome does.
Also, the item exists in the settings and is switched on by default.
FIDO Passkey integration seems to be non-existent for now from my experience, can confirm the same behavior when trying to use passkey authentication with Bitwarden
This is due unsigned builds and the missing entitlement: com.apple.developer.web-browser.public-key-credential.
https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_developer_web-browser_public-key-credential?changes=_3
In order for Ungoogled Chromium to use and lookup passkeys in iCloud Keychain a "Request the macOS Web Browser Public Key Credential Entitlement" is required. See here: https://developer.apple.com/contact/request/macos-browsers-passkeys/
I do not see any other way than someone with a valid Apple Developer Account requesting the entitlement from Apple and then build it with the entitlement.
I do not see any other way than someone with a valid Apple Developer Account requesting the entitlement from Apple and then build it with the entitlement.
Would it be possible to integrate a personal developer account to accomplish this?
Would it be possible to integrate a personal developer account to accomplish this?
I think personal developer accounts are allowed to request this entitlement.
Would it be possible to integrate a personal developer account to accomplish this?
I think personal developer accounts are allowed to request this entitlement.
I have both a paid dev account, I'm just wondering if it's possible to add the entitlement to this project in a way that could be updated..?
Signed builds are generated automatically in https://github.com/claudiodekker/ungoogled-chromium-binaries. Perhaps opening an issue to add whatever metadata is needed there is helpful
The builds will also land on the binary contributors page soon I hope
I have both a paid dev account, I'm just wondering if it's possible to add the entitlement to this project in a way that could be updated..?
Personally, I would be happy to see if someone could sponsor an dev license for Ungoogled-Chromium macOS. But we still need to discuss how this will be organized... Directly sign our software with some individual's account is definitely not a great approach in some ways...
Signed builds are generated automatically in claudiodekker/ungoogled-chromium-binaries. Perhaps opening an issue to add whatever metadata is needed there is helpful
https://github.com/claudiodekker/ungoogled-chromium-binaries is a good alternative to get signed UGC macOS in the meantime, and it should be updated with our official repo.
And related issue: https://github.com/ungoogled-software/ungoogled-chromium-macos/issues/93
I have an impression that this issue is principally unfixable by us, should we close it as such?
