Feature Request: Support Universal Autofill in apps created using WebCatalog

ianjukes
ianjukes
Community Member
edited September 2023 in Mac

Long time 1Password user here!

Universal Autofill — one of the hands-down best features of version 8 — stopped working for me in most of my apps due to this change in release 8.7.1: We now verify the code signature of apps before we allow filling using Universal Autofill.

I use over 20 site-specific browser apps (SSBs) created with WebCatalog. These were all working in 8.7.0, but are now all broken in the later releases of 1Password. I can't describe how hugely disappointing this is, first the joy of having the feature, and then having it taken away without providing an alternative. Universal Autofill really is "magic" and so, so useful. It's a "killer feature".

I have also tested other SSB applications and can confirm this change in 1Password has broken Universal Autofill in them as well. This includes both Coherence X and Unite from BZG.

I emailed the BZG and WebCatalog teams, and they confirmed that their apps are indeed signed, so it is something to do with how 1Password verifies the signatures.

I'm just leaving this here for the 1Password team to pick up, with the hope that an appropriate solution can be found (quickly) to restore the feature (even an option to turn off signature verification with a warning would be better), and for anyone else who went through hours of trying to configure accessibility options inside macOS and reinstalling applications only to discover that 1Password quietly removed the feature in an update and without much warning!!

Big love to all the 1Password team.


1Password Version: 8.7.3
Extension Version: 2.3.7
OS Version: macOS 12.4
Browser:_ n/a

«1

Comments

  • ag_tommy
    edited July 2022

    @ianjukes

    I see you have emailed us. In order to prevent duplication of efforts I am going to direct you back there. My colleague Will, will continue working with you.

    ref: YFV-39155-758

  • ianjukes
    ianjukes
    Community Member

    @ag_tommy

    No problem - thanks for the quick reply! I had conversation with you guys via Twitter, but don't remember emailing!? Must be old age. 😆 Apologies. I also wanted to leave this here for other users that might be having the same experience too.

  • ag_tommy
    edited August 2022

    @ianjukes

    No worries at all my friend.

    Must be old age. 😆

    Who are we talking about again? Me or you? 🤣 I know that feeling all too well. aka I resemble that remark.

    By the way, no apologies needed. I appreciate your well thought out question. Grey is on the case and hopefully you'll have a reply soon.

  • ianjukes
    ianjukes
    Community Member

    @ag_tommy

    Will is on the case and hopefully you'll have a reply soon.

    Fantastic. Thank you!

  • Hi @ianjukes:

    It looks like my colleague Dayton has replied to you a bit earlier today. Feel free to get in touch if there's anything else we can help you with! 😀

    Jack

  • ianjukes
    ianjukes
    Community Member

    Hey @ag_tommy and @Jack.P_1P - any movement on a solution for this? I'd be happy to beta test anything. 😊

  • robertbousquet
    robertbousquet
    Community Member

    I'm having the same issue. Has there been any resolution?

  • This content has been removed.
  • ag_tommy
    edited September 2022

    @ianjukes @robertbousquet

    The issue remains open on our end. I'm sorry I don't have anything to share here. My apologies.

  • ianjukes
    ianjukes
    Community Member

    Any news as we're nearly into November? I have had to buy other software (Coherence X) and retrofit the 1Password plugin for Chrome to make this work, but its buggy. Still remember with joy how easily was to autofill before the feature was revoked!! 🥺😢

  • kbb01
    kbb01
    Community Member

    Hi Is this still not working? I too need Universal Autofill working with WebCatalog. Also could anyone confirm if you need the paid for version of WebCatalog for this to work? Thanks

  • mkosma
    mkosma
    Community Member

    I'm a paying customer of WebCatalog. Unfortunately their support has been basically non-existent, and the app has a lot of problems. Extensions are part of "Labs" and 1Password along with several other Chrome extensions show up with an error message that says, "This extension is not supported (Manifest V3)."

    I started using Sidekick browser and - wow - it is providing all the value I was after with WebCatalog. I tried to stick with the free version but recently switched to Pro because it actually handled my multiple google accounts without a hitch.

    The one thing WebCatalog does that's different is creating an app icon for task switching with CMD-tab. Not sure I have a good equivalent for that with Sidekick yet. That said, the experience in Sidekick with Chrome extensions has been flawless so far.

    monty

  • ianjukes
    ianjukes
    Community Member

    This is not a problem with WebCatalog - it's a problem with 1Password. It worked flawlessly with WebCatalog until 1Password decided to remove the Universal Autofill feature for unsigned apps. They have good reason to do so, but have not provided an alternative, or a means for us as end users to override. Even Apple provide a mechanism for us to reduce the security of our systems, with adequate warning, so we can make the best judgement for ourselves. I'm a bit cross with 1Password that they've not done this, and gone totally silent on the issue. I use Coherence X, which does allow for the 1Password Google Chrome plugin to work, but it's flaky and often crashes on me. WebCatalog is still the best SSB I've found, but sadly it is utterly unsupported by 1Password.

  • tamaracks
    tamaracks
    Community Member

    I too would like to see WebCatalog apps supported, and am disappointed in the response from 1Password.

  • jondkinney
    jondkinney
    Community Member

    +1 for webcatalog support.

  • Dave_1P
    edited August 2023

    Thank you for all of your feedback. I've passed on your requests and comments to our development team.

    -Dave

    ref: dev/core/core#18923
    ref: dev/core/core#16253
    ref: dev/core/core#23349

  • ianjukes
    ianjukes
    Community Member
    edited June 2023

    @Dave_1P Hi Dave -- I've just come back to this thread (a year later from my original post) to see if there's been any update. Universal Autofill is still a dead feature to me due to the restrictions brought in by the 8.7.1 update.

    Really disappointed that I was told that Will was on the case, and that hopefully I'd have an update soon (see above). A year later, and no update and no explanation. I've been a customer for over 10 years but this lack of response has left me really disappointed, and tarnished an otherwise fantastic product. Please do take this feedback seriously.

    BUT -- Apple announced at WWDC that Safari 17 will be able to create standalone web apps. I have read that "Web apps work with AutoFill credentials from iCloud Keychain and from third-party apps that have adopted the Credential Provider Extension API."

    Can you confirm that you are planning to support the Credential Provider Extension API, and therefore password AutoFill should work in standalone web apps produced by Safari 17? This will be a great solution and one that would solve the problem for me.

  • Dave_1P
    edited June 2023

    @ianjukes

    Thank you for following up. The team member that you referred to is on the customer support team, once their initial investigation confirmed the relevant details an internal issue was filed with our development team so that our developers could investigate further. That internal issue is still in our developer's backlog and I don't have any updates to share at the moment. I'm sorry that I'm not able to provide more news.

    BUT -- Apple announced at WWDC that Safari 17 will be able to create standalone web apps. I have read that "Web apps work with AutoFill credentials from iCloud Keychain and from third-party apps that have adopted the Credential Provider Extension API."

    We don't currently support the Credential Provider Extension API since 1Password already supports filling credentials on macOS using 1Password in the browser and Universal Autofill. I understand that these options don't work for your specific use case and, while I can't make any promises, I've filed a feature request on your behalf to have the team look into supporting the the Credential Provider Extension API in the future.

    For the time being, have you considered using a Chromium-based browser to create web apps out of websites? If you create a web app using a browser like Chrome then 1Password in the browser is able to fill into that web app.

    -Dave

    ref: PB-33771517

  • ianjukes
    ianjukes
    Community Member

    @Dave_1P

    That internal issue is still in our developer's backlog and I don't have any updates to share at the moment.

    That's incredibly disappointing on a number of levels. The initial point I made remains: you released a new feature that was so incredibly helpful, and then pulled it from a later release. A year later still no updates to share.

    We don't currently support the Credential Provider Extension API since 1Password already supports filling credentials on macOS using 1Password in the browser and Universal Autofill.

    I believe the Credential Provider Extension API is a new feature of macOS Sonoma (?) so I'm not surprised you don't currently support it. My comment was really the hope that you might support it by release of Sonoma later this year, and then 1Password will work with the new Safari web apps when they launch with Sonoma. Please please consider this.

    For the time being, have you considered using a Chromium-based browser to create web apps out of websites? If you create a web app using a browser like Chrome then 1Password in the browser is able to fill into that web app.

    Yes. I have investigated every option. I won't go into why this is a poor solution for my use case.

  • Dave_1P
    edited June 2023

    I'm sorry for the disappointment. For security reasons, Universal Autofill currently requires a valid code signature on all apps that it fills into. WebCatalog apps use "adhoc" code signatures which have no cryptographic proof to back up their validity and are not compatible with Universal AutoFill.

    Universal Autofill initially working with apps that use ad-hoc signatures was a bug that was resolved in version 8.7.1 (as you said in your initial post): We now verify the code signature of apps before we allow filling using Universal Autofill.

    As mentioned, we do have an internal work item open to investigate supporting ad-hoc signatures without compromising on the security of Universal Autofill but I can't make any promises on when, or if, our development team will be able to build this support. Supporting ad-hoc signatures requires both security and development work and, to be honest, we've received only a limited number of requests to build this support so far.

    I know that this isn't the answer that you were hoping for. The request remains filed with the team internally and the team and I will continue to track requests from customers and to advocate to our development team that this is something that some folks find necessary for their workflow.

    -Dave

  • jsorge
    jsorge
    Community Member

    I'd like to +1 Ian's request. Having hopped on the Sonoma bandwagon I was hoping these apps made by Safari would be able to work with 1Password's auto-fill (I was really hoping that Safari extensions would come over for free but they don't – so I filed FB12487876 requesting that). It now makes sense why 1Password's app auto-fill doesn't work but I really really really want it to work.

    I've used Unite and Fluid in the past with varying levels of success but really yearned for a Safari solution. Now that we have it, not being able to use 1Password is a huge killjoy to using it.

    I hope that you all can prioritize supporting new features of macOS and get this built. Thanks!

  • @jsorge

    Thank you for the feedback, I've passed along your request to the team. 🙂

    -Dave

    ref: PB-34131847

  • ianjukes
    ianjukes
    Community Member

    Thanks @Dave_1P -- I appreciate the full explanation, and the honesty, and appreciate that you have to prioritise your workload based on customer demand.

    I did originally ask for this to be reinstated as an option in settings that you give your customers, with the advice that downgrading Universal Autofill to supporting ad-hoc signatures could potentially compromise security, and then it is our choice rather than yours to take that risk. That would be a simple solution -- but that was not responded to.

    I completely agree with @jsorge. With Apple now providing support for browser-based apps I would really really really hope you will support these. 🤞🙏

    It might be a more niche feature right now, but when the ability to do this is released with Sonoma demand from your customers will surely increase.

  • ianjukes
    ianjukes
    Community Member

    @Dave_1P BTW -- from my perspective Universal Autofill working with ad-hoc signatures was not a "bug" as you call it. It was a killer "feature", that then got removed without proper explanation.

    That was the annoyance for me. 😊

  • Thank you again for the feedback and suggestions, all of your comments have been passed along to our product and development teams. 🙂

    -Dave

  • ianto
    ianto
    Community Member

    +1 from me for support of the Credential Provider Extension API on macOS (just like you do on iOS and iPadOS).

    Main reason for me is the native implementation from Apple is plentifold faster than using the buggy 1Password Extension for Safari.

    Please.

  • Thanks for the input @ianto I've noted it internally. Nice to talk with you again.

  • wey
    wey
    Community Member
    edited August 2023

    @Dave_1P @ag_tommy I made a community account just to comment on this. I've loved 1Password ever since I switched over from Dashlane and evangelize it to friends and colleagues!
    The only single complaint I have is the lack of support for working with WebCatalog.

    As a software engineer, I get it -- backlogs get swamped, tickets accumulate and pile up. On the other hand, the work needed to support this feature (allow ad-hoc signatures) is like a 1/2 pointer, maybe 3 points if you factor in user warning modals, writing tests, and manual testing.

    I would really love to see this feature get implemented as it's the only stain on an otherwise spectacular product!

  • @wey

    Welcome to the community! 😊

    Thank you for the feedback, I've passed along your request and comments to the team internally.

    -Dave

  • ianjukes
    ianjukes
    Community Member
    edited September 2023

    @wey -- Thank you thank you for chipping in your comments. I'm a total 1Password evangelist as well, but I feel like this issue has been overlooked as niche, but I know for sure there are lots of others who have the same issue, but just don't comment. So thank you. 😊

This discussion has been closed.