Replies: 2 comments 12 replies
-
Vaultwarden doesn't support the public API of Bitwarden, only a small subset of it to support the Directory Connector. So we are unable to generate any code from that. Also, there is no code generation for the Rocket Framework as far as i know, so that won't help either. Regarding the If any, we are not that strict in receiving either case formating, so that should be fine i think. If you are only revering too what we output, then it's just that it is a big task to convert all to |
Beta Was this translation helpful? Give feedback.
-
That's worse since that is a WebAuthn violation. Bitwarden controls every part of their API, but they don't control WebAuthn. Violating WebAuthn requires special care and should be avoided if possible. How many Vaultwarden devs have actually read the necessary standards (e.g., WebAuthn Level 2 API) and RFCs (e.g., RFC 9053)? Likely none or very few. The crate that is used even makes several warnings of digging into the internals. As the referenced issue shows, there is exactly one issue to be aware of by adhering to the spec and that is the web-vault violating WebAuthn by using The way that I recommend solving that problem is by patching the web-vault even though I am aware that Vaultwarden devs try to only patch the web-vault for things like CSS (as they should); however there have been patches unrelated to just CSS. The reason to simply patch the web-vault such that those JSON keys are correctly formatted is the following:
As the above points explain, that is why I think patching the web-vault makes a lot more sense especially since there is precedent (no matter how rare) to patching the web-vault for non-CSS so long as it makes sense; and simpler, more maintainable, spec-adhering, and easier-to-audit code in conjunction with a web-vault-only problem fits the bill for an exception to be made. If patching the web-vault is still not done, then that doesn't excuse altering the entire payload but instead only the two problematic keys should be altered. This can still be achieved by not getting into the internals of |
Beta Was this translation helpful? Give feedback.
-
Hi All,
I have noticed that some endpoint like
identity/accounts/prelogin
doesn't follow the exact same API as the official one in terms of case the project usesPascalCase
and the official API usescamelCase
. Is this voluntary ?And otherwise since we can generate some code from the OpenAPI definitions is there any reason why the project doesn't use this ?
Have a nice day all
Beta Was this translation helpful? Give feedback.
All reactions