iOS Auto-Fill for password fields

[hpoul]

https://developer.apple.com/documentation/authenticationservices

[hpoul]

This seems to be a bit more complicated than i anticipated. the auto fill can only run in an app extension (autofill provider), which has no way to communicate with the main app (except through keychain).. and there is no easy way to launch a flutter view inside an app extension..

so the only feasible way i could think of would be to sync all passwords from the kdbx into a shared keychain.. but i'm not sure if this is a good idea security and feature wise.

i set it to a low priority for now.. but just give it a 👍️ if anyone is interested.. if there is some demand maybe it's worth investigating further.

[guoweiy]

I noticed the implementation of KeePassium. When using autofill with KeePassium, the user should select the database file again in the pop-up window. Then unlock the db in that pop-up window. Will this avoid communication through keychain? (I'm not a developer, please forgive me if there are silly errors.)

[hpoul]

@ifconfigex I would assume the pop-up window is still part of the autofill app-extension, and not of the main app bundle. I have found no way that an autofill app extension could launch the main app .. this was actually my first thought, because the android autofill uses exactly that technique.. but on android it's just an Intent which launches the main activiy..

But.. Since I couldn't quite remember the problems i encountered the first time around, I gave it another shot.. and was actually able to display the flutter view inside the app extension.. although very hack'ish and very buggy.. as in .. there is a some weird gray overlay before the actual view controller draws something:

<-- I'm actually surprised that i got that far.. :-) (as in.. that anything actually compiles.. and displays anything) but there are still quite a few issues..

• I had to do quite some hackish changes to the project structure (manually copying or modifying auto generated configurations so the autofill app extension also contains the same configuration as the main app target)
• Quite a few native plugins AuthPass depends upon use functionality which is not available in app extensions (like Application.shared .. To get anything to compile at all, I had to throw away the code in those plugins.. so for a final solution this would probably require either forking those plugins or submitting PRs to find other solutions for using unavailable APIs..
• I'm not sure how this affects app size.. since i've essentially just duplicated the whole main app target in the autofill app extension target.. and the whole framework is linked to both now.. which might essentially double app size..
• I'm not yet fully sure if it's possible to share data files between the main app and the app extension. The keychain can be shared, but the main application state is stored in json files on disk. It would be required to access those same files, otherwise you would essentially have to reconfigure everything from the main app in the app extension :-)

I guess none of those problems are complete blockers.. but quite a bit of work :-) If there are ios app devs interested in giving it a shot, i'm happy to help.. but unfortunately i'm not sure when i've got time to investigate much further..

[hpoul]

I think I've got an idea for an intermediary solution/workaround. How about slowing to launch a website directly from AuthPass and temporarily transfer the password for that entry into the autofill app extension - then the user could autofill that one entry directly into the website..
Anyone thinks that this would be a worthwhile workaround?

[OGmetamonkey]

I think your proposal to sync all passwords to an autofill provider would be the most appropriate implementation. I think this is possible using the credential identity store API. Good walkthrough here: walkthrough

[abuisman]

I’d love for this to work on iOS.

What is currently stopping this from working? Are there any developments?

[hpoul]

@abuisman that would be great.. I haven't done anything on that topic for a year.. 5cb7390 was my last try.. I don't think there is much to salvage from that :-(

The biggest blocker is that it's not trivial to get the flutter engine running in an app extension.. I think the safest bet would be to not try that.. 😅️ I'm not completely sure about the security implications.. but the best way to start would probably be to simply sync all accounts into a iOS keychain .. and have the autofill app extension (ie AutoFill Credential Provider Extensions) look up the accounts in the keychain.. and don't even try to work with theunderlyingg kdbx file.

this is also basically how apple presents it in their demo.. https://developer.apple.com/videos/play/wwdc2018/721/

I guess firing up a whole flutter engine in an app extension is not a good idea anyway..

[hpoul]

For reference - here is the flutter issue related to having a flutter engine in an app extension: flutter/flutter#16092

[abuisman]

Haha I didn’t mean “I’d love to work on this” I meant it would be great if this feature was functional on iOS. I don’t think I’d be the right person for this as I have neither flutter or iOS experience. Let alone I have no Apple developer account 😇

[abuisman]

Would the bitwarden source code be useful? They have this functionality working quite well.

[hpoul]

Would the bitwarden source code be useful

no

[softrider70]

The other password safes under ios like Authenticator or msecure are registered in ‚automatsch ausfüllen‘, so maybe you need the methodes behind this, to implement the autofill.
Would be great if this works.

[abuisman]

Would the bitwarden source code be useful

no

[oliverbytes]

This seems to be a bit more complicated than i anticipated. the auto fill can only run in an app extension (autofill provider), which has no way to communicate with the main app (except through keychain).. and there is no easy way to launch a flutter view inside an app extension..

so the only feasible way i could think of would be to sync all passwords from the kdbx into a shared keychain.. but i'm not sure if this is a good idea security and feature wise.

i set it to a low priority for now.. but just give it a 👍️ if anyone is interested.. if there is some demand maybe it's worth investigating further.

When do you plan to start working on syncing with keychain instead? Seems the only way right now! Kudos for your great work!

[FnAndroid]

I think I've got an idea for an intermediary solution/workaround. How about slowing to launch a website directly from AuthPass and temporarily transfer the password for that entry into the autofill app extension - then the user could autofill that one entry directly into the website.. Anyone thinks that this would be a worthwhile workaround?

Can I choose to write an autofill app extension using Objective-C or webSite? AuthPass is the best open source password management tool, but at the moment it lacks the most important autofill feature.

[oliverbytes]

I think I've got an idea for an intermediary solution/workaround. How about slowing to launch a website directly from AuthPass and temporarily transfer the password for that entry into the autofill app extension - then the user could autofill that one entry directly into the website.. Anyone thinks that this would be a worthwhile workaround?

Can I choose to write an autofill app extension using Objective-C or webSite? AuthPass is the best open source password management tool, but at the moment it lacks the most important autofill feature.

A separate native iOS AuthPass extension would work I believe

[kmkmahesh]

I use Keepass Touch which autofills the passwords

[oliverbytes]

Someone was able to run a flutter app as iOS extension: flutter/flutter#16092

[hpoul]

@oliverbytes yep, I've seen that.. but it requires a custom patch to run.. and even if that using gets merged into flutter it's not enough to get accepted into the apple app store as far as i can tell.. but we'll see, maybe one day.... 😅
But if someone wants to develop a native ios app extension, I'd be happy to review it help with a PR

[nexbotai]

Will it be possible now that iOS App Extensions are officially supported? https://docs.flutter.dev/platform-integration/ios/app-extensions

[hpoul]

@nexbotai not really.. the problem is still how the app extension could access the passwords.. the app does not run at the same time as the extension.. imho the only/best way would be to have the app sync all passwords into a shared keychain..
Or maybe try to use flutter in the app extension itself so it can read the kdbx itself.. but that would require a custom built if the flutter engine.. which sounds pretty annoying..
But if anyone wants to give it a try... Feel free

[hpoul]

fwiw.. i think in the meantime it is actually possible to run flutter inside an app extension.. (although development is still pretty buggy).. but it's a first step.. will take a while until it gets usable, and not sure how much time i've got to play around with it

tmp.mp4

[Dige006]

Hello Herbert,
that sounds very promising.

As far as I have been able to see so far, the missing autofill function is the only (important) feature that prevents me from using it.

I would be very happy if it continues here and would like to thank you very much for your work.