Propose domain to 1Password
Hi,
I am having a developer question. We are running a PWA on a real domain and as a web view based native app on Android and iOS. The people on the website can choose a password and are saving it to 1Password.
Now we got some complains, that the password they chose is not automatically available in the App. The difference is, that on the website we have a real domain and in the app it’s running as localhost. Is there any way, to propose the correct domain name to 1Password?
Best
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @ag_ana
The passwords in 1Password afaik are saved in relation to the domain/hostname. Lets say "example.com". But in the App the host is "localhost". The passwords are there, but they are not proposed, because the hostname is different.
I would like to know, if there is an option to say "propose the passwords from host example.com"
0 -
Hey @VoAndres ,
1Password collects the login form's information including the URL from which it was taken and indeed matches the login according to the URL on the website. If your WPA does not contain an actual website URL, then there isn't much we can do as far as I know, but I sent this as a question to our iOS/Android developers to see if they have anything to add on the matter. I also moved this discussion to the iOS sub-forum as it better fits there. Me or one of the devs will reply here as soon as we have an answer.
0 -
Hi @VoAndres 👋
I'm talking about the iOS side of the things. Generally speaking, to make Password Autofill work with native apps, you have to configure your project as described in the documentation https://developer.apple.com/documentation/security/password_autofill — this, in short, means that you have to add associated domains and use the correct field types.
The problem here is that you're using a webview to authenticate your users, and the login form is not grabbed from the online host but rather, from the application bundle. Is this right?
If that's true, I believe that there's little that we can do for this scenario. We have no control over what Password Autofill asks us, and you can influence Password Autofill heuristics just with the associated domains thing.However, there are some ideas I can give you to try out. I don't know much about your app, so please bear with me if they don't make sense for your use case or are hard to implement:
1. If the password button comes up in the login form, your users can still list all passwords and manually choose one to fill even if the domains do not match (this is something that, for security reasons, can't do automatically).
2. Users can edit the login item and add multiple websites, adding the "localhost" domain alongside the "example.com" that gets grabbed automatically when it's first created.
3. You could useASWebAuthenticationSessionagainst the real "example.com" domain and grab a token that will later be used in the PWA.
4. You could make a native login form which grabs the username and password and then pass this information to the PWA (or grabs a token from the remote "example.com", just like idea #3).Again, we have little information about your use case, and can just give you some rough ideas to experiment with. From what I see, the last idea is probably the one that requires less changes to the app. You add an interstitial native view controller that asks the username and password (and being native, Password Autofill will use the "example.com" domain that's associated to the app), and then you do your things with those.
0 -
@ag_vendruscolo Thank you for your inputs. Adding a native login is not really an option for us, so I guess there is not solution in this case.
0
