Skip to content

[PM-33111] Implement device auth key#816

Merged
iinuwa merged 14 commits into
mainfrom
PM-33111/sdk-device-auth-key
May 14, 2026
Merged

[PM-33111] Implement device auth key#816
iinuwa merged 14 commits into
mainfrom
PM-33111/sdk-device-auth-key

Conversation

@iinuwa
Copy link
Copy Markdown
Contributor

@iinuwa iinuwa commented Mar 5, 2026
edited by atlassian Bot
Loading

🎟️ Tracking

PM-33111

📔 Objective

This adds methods to create and use a Bitwarden "device auth key", which is a passkey with PRF that can login and unlock the vault. The handles:

  • generation of the passkey and PRF seed
  • derivation of the rotateable key set wrapping the UserKey
  • registration of the passkey and key set with the server
  • unregistration of the passkey

Clients are responsible for implementing a trait to store and retrieve the passkey in secure device storage.

Depends on:

🚨 Breaking Changes

No breaking changes.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 5, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details51428060-ffd2-4132-a15a-8a650259d232

Great job! No new security vulnerabilities introduced in this pull request

@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch from da66377 to c404e6d Compare March 6, 2026 16:19
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 6, 2026
edited
Loading

🔍 SDK Breaking Change Detection Results

SDK Version: PM-33111/sdk-device-auth-key (86eb07f)
Completed: 2026-03-12 16:41:25 UTC
Total Time: 246s

Client Status Details
typescript ❌ Breaking changes detected TypeScript compilation failed with new SDK version - View Details

| typescript | ✅ No breaking changes detected | Compilation passed with new SDK version - View Details |
| android | ✅ No breaking changes detected | Compilation passed with new SDK version - View Details |

Breaking change detection completed. View SDK workflow

@codecov
Copy link
Copy Markdown

codecov Bot commented Mar 6, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 660 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.69%. Comparing base (89ecb88) to head (a57371f).
⚠️ Report is 29 commits behind head on main.

Files with missing lines Patch % Lines
crates/bitwarden-fido/src/device_auth_key.rs 0.00% 410 Missing ⚠️
crates/bitwarden-fido/src/types.rs 0.00% 129 Missing ⚠️
...arden-uniffi/src/platform/fido2/device_auth_key.rs 0.00% 103 Missing ⚠️
crates/bitwarden-fido/src/client_fido.rs 0.00% 9 Missing ⚠️
crates/bitwarden-uniffi/src/platform/fido2/mod.rs 0.00% 9 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #816      +/-   ##
==========================================
- Coverage   84.44%   83.69%   -0.75%     
==========================================
  Files         420      432      +12     
  Lines       51943    54299    +2356     
==========================================
+ Hits        43861    45445    +1584     
- Misses       8082     8854     +772

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@iinuwa iinuwa mentioned this pull request Mar 9, 2026
Draft
@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch from 04e5d6c to 86eb07f Compare March 12, 2026 16:29
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Mar 12, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

iinuwa
iinuwa commented Mar 12, 2026
View reviewed changes
Comment thread crates/bitwarden-fido/src/device_auth_key.rs Outdated
iinuwa
iinuwa commented Mar 12, 2026
View reviewed changes
Comment thread crates/bitwarden-fido/src/device_auth_key.rs Outdated
@iinuwa iinuwa mentioned this pull request May 4, 2026
Closed
@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch 2 times, most recently from 3288e80 to e5ccea3 Compare May 7, 2026 22:20
@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch from e5ccea3 to f101086 Compare May 8, 2026 13:35
@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch from ba92717 to 8d2f325 Compare May 8, 2026 18:06
@iinuwa iinuwa marked this pull request as ready for review May 11, 2026 13:21
@iinuwa iinuwa requested review from a team as code owners May 11, 2026 13:21
@iinuwa iinuwa requested a review from Thomas-Avery May 11, 2026 13:21
@iinuwa iinuwa requested a review from dani-garcia May 11, 2026 13:21
@iinuwa
Copy link
Copy Markdown
Contributor Author

iinuwa commented May 11, 2026

I think that this breaking change detection check is stale (it failed initially due to an error unrelated to this PR). but I'm not sure how to re-run it; it didn't execute when I updated the branch.

Thomas-Avery
Thomas-Avery previously approved these changes May 11, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@Thomas-Avery Thomas-Avery left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

KM changes LGTM

dani-garcia
dani-garcia requested changes May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@dani-garcia dani-garcia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, but we need to make a small change to the error return of the funtions to avoid some UniFFI issues.

Comment thread crates/bitwarden-uniffi/src/platform/fido2.rs Outdated
@iinuwa iinuwa force-pushed the PM-33111/sdk-device-auth-key branch from 05f4673 to a57371f Compare May 14, 2026 14:15
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 14, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
9.2% Duplication on New Code

See analysis details on SonarQube Cloud

@iinuwa iinuwa merged commit dc147d0 into main May 14, 2026
66 of 73 checks passed
@iinuwa iinuwa deleted the PM-33111/sdk-device-auth-key branch May 14, 2026 17:08
bw-ghapp Bot added a commit to bitwarden/sdk-swift that referenced this pull request May 14, 2026
@bw-ghapp
bitwarden/sdk-internal@dc147d0 3.0.0-6157-dc147d0 - [PM-33111] Implem…
ff81ccb 
…ent device auth key (bitwarden/sdk-internal#816)
This was referenced May 14, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dani-garcia dani-garcia dani-garcia approved these changes

@Thomas-Avery Thomas-Avery Thomas-Avery approved these changes

Assignees

No one assigned

Labels

breaking-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iinuwa @dani-garcia @Thomas-Avery