Support of WebAuthn / Security Key

[elquimista]

Checklist

• I searched the :help documentation using / for helpful information
• I have read the frequently asked questions
• I did not find any similar issues in the issue tracker

Addition or change
I like Vieb very much (thank you for all your efforts put into this). However there are a few things that prevent me from using it as my main default browser for now.

• Incognito mode
• Multiple profiles
• Chrome extensions
• Bookmarks
• Being able to log into Google services
• DRM support
• Security key support

I have figured out most of the stuff above (workaround or find it ok to live without) but the last one (security key support) is something I can't compromise. Is there any plan / roadmap to ship this feature?

[Jelmerro]

• Incognito can most easily be done by using a separate datafolder, see :h datafolder and then changing the history settings to clear most of the things on quit, which is explained at :help storenewvisits.
• Profiles are also what I would use multiple datafolders for.
• Extensions are very unlikely, there was an attempt previously, but since that was unsuccessful for many years, I opted for Common extension integration in favor of custom installation #385, where you can suggest extensions to be included in Vieb (there are already quite a lot if I say so myself).
• Bookmarks are work in progress, though that has stalled a bit for now, I'm hoping this gets finished eventually, otherwise I'll have to do so myself at a later stage: Vieb bookmarks  #391
• Google block whatever they want to block for "security reasons", and this comes down to blocking everything that isn't Chrome or Firefox. A workaround is to build up some browsing history and use a Firefox useragent. Good news is that once you are logged in it will keep working, as per this FAQ item: https://github.com/Jelmerro/Vieb/blob/master/FAQ.md#why-cant-i-sign-in-to-google
• DRM is never happening because Google made sure they were the only standard for DRM solutions in the Chromium browser, and even Firefox uses that nowadays. This monopoly wouldn't even be the biggest issue if you could apply for a license, but they outright refuse to sell those to open source solutions, as per this FAQ item: https://github.com/Jelmerro/Vieb/blob/master/FAQ.md#why-doesnt-drm-work-such-as-spotify-or-netflix
• As for the security key, I haven't had any issues with that personally, could be blocked by any of the permissions, did you check the :notifications page for any permission request? You could also try turning on the setting notificationforpermissions, see :help notificationforpermissions for details. Do let me know if you get any error in the development console at F12 or :devtools.

[elquimista]

@Jelmerro - thanks for your quick response. When I tried a website that is supposed to ask for my yubikey (it does in Chrome and Brave), it never asked for it in Vieb. No notifications, just plain white blank page. But I will check h :notifications in the help page further. Thanks again for your guidance.

[Jelmerro]

Make sure to also check the console tab of the development tools using :devtools or F12, this is where any page errors end up, and where I would expect an error if the permission was indeed denied or the API is somehow not working otherwise.

[elquimista]

I already checked console in the dev tools and there is no error.

[elquimista]

Never mind. I just now realized my yubikey's light is blinking when I am on the login page. It's just not showing the familiar webauthn prompt I used to get in other Chromium browsers. And when I touched my yubikey while it was blinking, login worked!

However, it didn't ask for my PIN code of my yubikey. In other Chromium browsers, they ask for PIN code when I touch my yubikey.

[elquimista]

Let me know if you have any idea about this. Otherwise, I am happy to close this issue for now.

[Jelmerro]

I'm glad it's working for you now too! I think it's just the stripped Electron implementation of the key auth, since there is no chromium UI in Electron by default, they probably figured just having support without the UI was more useful than requiring users to build support for it from scratch. I would expect there to be Electron issues regarding the lack of PIN, but all I can find are issues related to lack of support, but it's supported already...