[PM-29114] VC 20967 is not enumerated by `com.google.android.gms.fido.fido2.ui.hybrid.HybridAuthenticateActivity`, at least when logging-in to `NNGCECKBAPEBFIMNLNIIIAHKANDCLBLB_2025_11_1_0.crx`'s `popup/index.html?uilocation=popout#/login`.

[RokeJulianLockhart]

Origin

Web (Browser)

Web URL or App name

chrome-extension://nngceckbapebfimnlniiiahkandclblb/popup/index.html?uilocation=popout#/login:~:text=Log%20in%20with%20passkey

Passkey Action

• Creating new passkey (Registration)
• Signing in (Authentication)

Build Information

© Bitwarden Inc. 2015-2025
Version: 2025.11.0 (20967)
📱 Fairphone FP5 🤖 15@35 📦 prod
🧱 commit: bitwarden/android/release/2025.10-rc38@6d71f0c5d66a466a20e4636be438609d2703063c
💻 build source: bitwarden/android/actions/runs/19309927902/attempts/1
🦀 SDK: 1.0.0-3436-2a00b727
🌩 Server: 2025.11.1 @ US 

Additional Information

In order to complete the authentication sequence that clients/issues/17779 describes (before I knew how to bypass it), I utilised versionCode=49 of com.atharok.barcodescanner to invoke the resultant FIDO:/ URI via com.atharok.barcodescanner.presentation.views.activities.BarcodeAnalysisActivity, which invoked com.google.android.gms.fido.fido2.ui.hybrid.HybridAuthenticateActivity. There, like what issues/6112 describes, com.x8bit.bitwarden was not enumerated.

To demonstrate, I've utilised what dkrivoruchko/ScreenStream/issues/337 describes:

@.Date.20251202T175538+0000.Type.Video.Origin.ScreenStream.Mozilla.Firefox.webm

If Flight Recorder is of any use for this, I've uploaded its logs to user-attachments/files/23887555/bitwarden_flight_recorder2971687947327785176.zip. However, because of how AChep/keyguard-app/issues/1140 demonstrates that no alternative, enumerated clients are able authenticate, I wonder whether the code itself may be at fault, somehow, too.

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

[bitwarden-bot]

Thank you for your report! We've added this to our internal board for review.
ID: PM-29114

[aonjeerasak1998-lang]

.

[RokeJulianLockhart]

@aonjeerasak1998-lang, was #issuecomment-3607654800 an accident?

[pamperer562580892423]

@RokeJulianLockhart I hope this is a very specific technical bug... otherwise I would never be able to assess if it could be a bug I also experience - as only another (layman) user...

[RokeJulianLockhart]

@pamperer562580892423, have you observed the attached screencast? I ask because the problem isn't technical, but without at least this much information, it'll be nigh undiagnosable.

[pamperer562580892423]

@RokeJulianLockhart All good... Sorry, I should have added some kind of smiley... I saw the screencast, but without the complete context (and yes, I saw you referenced the other or related issue), I don't get the problem completely. Anyway, not important.

I think what I really wanted to say: I think you could think of making the title and general description of your issues a bit easier to understand for everyone (at least for those issues, that regular users also could experience - and that other regular BW users may search here on GitHub - and may join, to also avoid making "duplicate" issues...). And then, add all technical details you want in the section "Additional Information/Context", so that BW still gets all the information you gathered.

But I can't tell you anything, so do as it fits you best. 👍

[RokeJulianLockhart]

@pamperer562580892423, I am, unfortunately, limited to 256 characters for issue titles, ¹ so they're occasionally cryptic, to ensure that I don't inaccurately generalise:

1. I could write “vesionCode=20967”, instead of “VC 20967”. However, that's an extra few characters.

2. I could utilise the versionName, in its stead. However, that's less specific.

3. The cited rDNS activity identifiers do not expose language-specific names.

Footnotes

1. dead-claudia/github-limits/blob/819503596cdce41c61fcfac03315a60d507ca762/README.md?plain=1#L109 ↩

[pamperer562580892423]

@RokeJulianLockhart

I am, unfortunately, limited to 256 characters for issue titles, 1 so they're occasionally cryptic, to ensure that I don't inaccurately generalise:

Ah, Sorry, I didn't know it was impossible to choose a simple sentence as a title and put that accurate title into the description...

[RokeJulianLockhart]

@pamperer562580892423, I don't understand what you're telling me. Was that intended to be passive-aggressive sarcasm? I sincerely hope not.

[pamperer562580892423]

@pamperer562580892423, I don't understand what you're telling me. Was that intended to be passive-aggressive sarcasm? I sincerely hope not.

@RokeJulianLockhart No, Sorry, it was meant as humorous, and certainly neither aggressive nor passive-aggressive. - Seems it's not my weekend, anyway. So, please ignore my remarks entirely.

[RokeJulianLockhart]

@pamperer562580892423, no worries, and apologies too. ‘T hasn’t been my weekend either.