Trusted Browser Support is not working with Opera on MacOS
Hello,
I've been using 1Password for a long time with different browsers, including Opera, and I've always been lacking the biometric support in the latter. Recently I learned that you added a trusted web browser support feature, which is awesome. The sad part of the story is that it still does not work, at least for me.
This blog post says that the connection should be able as long as the browser app is code-signed. I've verified that it is:
$ codesign --verify --verbose ~/Applications/Opera.app /Users/davilov/Applications/Opera.app: valid on disk /Users/davilov/Applications/Opera.app: satisfies its Designated Requirement
The browser is added to 1Password settings:
And here's the extension settings (note the warning regarding the connection):
Of course, I've unlocked both the desktop app and the extension. And I've tried some obvious things like restarting the browser and the desktop app, downloading latest versions of both (I took the extension from the Chrome store).
Any help?
P.S. I'm using 2023 MacBook M2 Pro. Opera does not have admin privileges (it's installed to my user profile). My profile also does not have admin rights, due to corporate policy (but it had at the moment when 1Password desktop was installed).
1Password Version: 8.10.26 (81026039)
Extension Version: 2.20.0 (22000002)
OS Version: 14.3.1 (23D60)
Browser: Opera 107.0.5045.36 (arm64)
Comments
-
My opera is already installed in
/Users/davilov/Applicationsfolder (but notuser/Applications), which is the same as~/Applications. So this is not the cause.P.S. On the other hand, on your screenshot it is installed into
/Applicaitons(no tilde), so you probably wanted to say that Opera should be in the global apps folder in order to be able to connect with the 1Pass desktop app. Now that might be the cause, and if so - it should be fixed. Many apps, including browsers, can be installed to user local folder instead of the global one, because many users nowadays don't have admin rights, which is actually a good thing from the security perspective. 1Password should be able to work with locally installed browsers the same way as with globally installed ones.0 -
That was a typo on my part. Yes, it should be installed into
/Applications. I've edited my post above.1Password needs admin right to install and update from time to time. Typically, that's if we need to change some of the underlying structure. On Mac, all installations of 1Password must be placed in /Applications folder, which always requires administrative access to write too. If 1Password was to be installed in another location, some of the integration and security features we rely upon wouldn't work.
I'd recommend placing the browser there if possible. That's because we verify the code signing of the browser to make sure it's signed by Apple.
https://1password.community/discussion/140735/extending-support-for-trusted-web-browsers#latest
0 -
1Password is in the
/Applicationsfolder (I had admin permissions when installing it). Opera is in the~/Applicationsfolder, which I believe is a perfectly valid case (and often the recommended or even the only possible option as per security policies for emploee laptops in many companies). Nothing in this configuration prevents 1Password from verifying the browser's code signature. How to check if it's the browser installation location causing the issue? So far, I don't see any obvious violations of the requirements for the browser plugin to be able to connect to the desktop app.0 -
There is nothing I can do to change the behavior but make a recommendation to the team. We can discuss this on and on, but this is not possible at this time. The short answer is if you want the feature to work then the browser must be placed there. If not, then it's likely not going to work just as you described.
I'm trying to provide you the suggestions you need to get things going. I'm not saying you're not making a compelling case. My goal is to help you accomplish your goal and with the browser in the
~/Applicationfolder I cannot do that.0
