bitwarden
diff --git a/‎custom-words.txt
+4-1 b/‎custom-words.txt
+4-1
diff --git a/‎docs/architecture/deep-dives/passkeys/credentials.md
+113 b/‎docs/architecture/deep-dives/passkeys/credentials.md
+113
diff --git a/‎docs/architecture/deep-dives/passkeys/glossary.md
+40 b/‎docs/architecture/deep-dives/passkeys/glossary.md
+40
diff --git a/‎docs/architecture/deep-dives/passkeys/implementations/index.md
+10 b/‎docs/architecture/deep-dives/passkeys/implementations/index.md
+10
diff --git a/‎docs/architecture/deep-dives/passkeys/implementations/provider/browser-extension.md
+100 b/‎docs/architecture/deep-dives/passkeys/implementations/provider/browser-extension.md
+100
diff --git a/‎docs/architecture/deep-dives/passkeys/implementations/provider/index.md
+16 b/‎docs/architecture/deep-dives/passkeys/implementations/provider/index.md
+16
diff --git a/‎docs/architecture/deep-dives/passkeys/implementations/relying-party/image.png
37.6 KB b/‎docs/architecture/deep-dives/passkeys/implementations/relying-party/image.png
37.6 KB
diff --git a/‎docs/architecture/deep-dives/passkeys/implementations/relying-party/index.md
+40 b/‎docs/architecture/deep-dives/passkeys/implementations/relying-party/index.md
+40
@@ -7,8 +7,10 @@ bytemark
 clickjacking
 CODEOWNERS
 CQRS
+CTAP2
 dockerized
 Gitter
+HKDF
 hotfix
 hotfixed
 hotfixes
@@ -61,4 +63,5 @@ Xcodes.app
 xmldoc
 Yellowpages
 Yubico
-YubiKey
+YubiKey
+YubiKeys
@@ -0,0 +1,113 @@
+---
+sidebar_position: 2
+---
+
+# Credentials
+
+## What is a credential?
+
+In general, FIDO2 works by using public/private key pairs that are generated by a FIDO2
+authenticator. The private key is protected by the authenticator, and the public key is stored
+server-side by the Relying Party (RP). The authenticator uses the private key to sign challenges
+from a RP, and the RP uses the public key to verify the signature.
+
+According to the [WebAuthn specification](https://www.w3.org/TR/webauthn-3/#public-key-credential),
+a credential is data one entity presents to another in order to authenticate the former to the
+latter. What the term "credential" refers to is generally determined by context, and can be one of
+the following:
+
+<dl>
+  <dt>A public key credential source</dt>
+  <dd>The data structure that is protected by the authenticator,
+   including the private key, and any metadata that is associated with it. For more information see
+   [Public Key Credential Source](https://www.w3.org/TR/webauthn-3/#public-key-credential-source).</dd>
+
+  <dt>The attested credential public key (corresponding to a public key credential source)</dt>
+  <dd>The public key that is stored server-side by the RP.</dd>
+
+   <dt>An authentication assertion</dt>
+  <dd>The data structure that contains a cryptographic signature.</dd>
+</dl>
+
+In this documentation, the term "credential" refers to the **public key credential source** i.e. the
+private key plus metadata.
+
+## Data structure
+
+### Required fields
+
+Credentials are relatively simple data structures and only require the following fields:
+
+- `credentialId` - Binary data sequence that uniquely identifies the credential. It is either a
+  random value, or an encrypted version of the credential (see [Storage Modes](#storage-modality)).
+- `rpId` - The identifier of the RP for which the credential was created. By default assigned the
+  effective domain of the application's origin (ex: bitwarden.com).
+- `privateKey` - Private key material, created when generating the public/private key pair.
+
+### Notable optional fields
+
+- `userHandle` - Binary data sequence that uniquely identifies the user account. This data is opaque
+  for anyone other than the RP. It is used to associate a credential with a specific user account.
+- `userName` - A human-readable name for the user account. This can be used to display the user
+  account in the authenticator's user interface (if supported).
+
+## Storage modality
+
+### Client-side credentials
+
+The credential is stored in persistent storage embedded in the authenticator, client, or client
+device. This is rapidly becoming a common storage mode, as it is the only way to support synced
+credentials across multiple devices. Client-side storage is required.
+
+Hardware security keys also support this storage mode, but they often have a limited capacity (e.g.
+the YubiKey 5 can hold up to 25 client-side credentials).
+
+### Server-side credentials
+
+The credential is encrypted by the authenticator and stored in a database managed by the RP. This is
+the traditional storage mode and is often used in 2FA flows.
+
+This enables the authenticator to have unlimited storage capacity for credentials, since the data is
+stored by the RP instead of by the authenticator. However, this means that a credential stored in
+this way must be retrieved from the RP before the authenticator can use it.
+
+## Discoverability
+
+### Non-discoverable credentials
+
+This is a credential whose `credentialId` must be provided in `allowCredentials` when calling
+`navigator.credentials.get` because it is not client-side discoverable. This is always the case when
+the credential is stored server-side, because the RP must first identify the user in order to
+discover the `credentialId` to supply in the `navigator.credentials.get` call.
+
+### Client-side discoverable credentials
+
+:::info
+
+These credentials have been previously known as resident credentials or resident keys. Due to the
+phrases `ResidentKey` and `residentKey` being widely used in both the WebAuthn API and also in the
+Authenticator Model (e.g. in dictionary member names, algorithm variable names, and operation
+parameters) the usage of resident within their names has not been changed for backwards
+compatibility purposes.
+
+:::
+
+This credential is usable in authentication operations where the RP does not provide any
+`credentialId`, meaning that the RP does not need to identify the user first.
+
+As a result, an authenticator that can handle discoverable credentials can create assertion
+signatures using just an `rpId`. This enables single-click authentication flows where the returned
+assertion data contains everything the RP needs to identify and authenticate the user.
+
+This implies that the source of the credential must be stored either in the authenticator or the
+client platform (see [Client Side Credentials](#client-side-credentials)).
+
+## Storage vs discoverability matrix
+
+As described above, there is a relationship between storage modality and discoverability. This can
+be condensed into the matrix below, which shows the supported combinations of the two.
+
+|                 | Non-Discoverable | Discoverable |
+| --------------- | ---------------- | ------------ |
+| **Client-Side** | Supported        | Supported    |
+| **Server-Side** | Supported        | -            |
@@ -0,0 +1,40 @@
+---
+sidebar_position: 6
+---
+
+# Glossary
+
+This page contains some definitions of terms used throughout the passkey documentation. For a more
+comprehensive list, see the
+[FIDO Alliance Glossary](https://fidoalliance.org/specs/common-specs/fido-glossary-v2.1-rd-20210525.html).
+
+## Definitions
+
+<dl>
+  <dt>Passkey</dt>
+  <dd>Any passwordless FIDO2 credential.</dd>
+
+  <dt>Credential</dt>
+  <dd>The technical term for a passkey. The two terms are used interchangeably.</dd>
+
+  <dt>Relying Party (RP)</dt>
+  <dd>A web site or other entity that uses a FIDO2 protocol to authenticate users by asking for a passkey.</dd>
+
+  <dt>Passkey Provider (PP)</dt>
+  <dd>An app and/or service that is responsible for storing and managing passkeys. Many operating systems include a default passkey provider (first-party), and many also support third-party providers (like Bitwarden).</dd>
+
+  <dt>Attestation</dt>
+  <dd>The process used to create a new passkey.</dd>
+  <dd>The process of communicating a cryptographic assertion to a relying party that a key presented during authenticator registration was created and protected by a genuine authenticator with verified characteristics.</dd>
+
+  <dt>Attestation Statement</dt>
+  <dd>An optional statement about the exact type (make/model) of the authenticator and its capabilities.</dd>
+  <dd>An optional statement provided by an authenticator which can be used by a Relying Party to identify and verify the provenance of the authenticator. Not to be confused with "attestation" which can be performed without providing a statement about the provenance of the authenticator.</dd>
+
+  <dt>Assertion</dt>
+  <dd>The process used to log in.</dd>
+  <dd>The act of proving ownership of the private key, commonly referred to as authentication.</dd>
+
+  <dt>Fallback</dt>
+  <dd>Aborting the Bitwarden-side of the authentication process and handing off control to the native browser implementation of WebAuthn, enabling the user to use hardware security keys, etc.</dd>
+</dl>
@@ -0,0 +1,10 @@
+---
+sidebar_position: 5
+---
+
+# Implementations
+
+Bitwarden uses passkeys to provide users with a secure and convenient alternative to passwords. In
+this context Bitwarden can act as both a Relying Party (RP) and a Passkey Provider (PP). In other
+words: You can use passkeys to log in to Bitwarden, and you can use Bitwarden to generate and store
+passkeys for logging into other applications.
@@ -0,0 +1,100 @@
+# Browser extension
+
+Bitwarden supports passkeys in all browser by implementing the WebAuthn API. The browser does not
+need to support WebAuthn natively, the extension will polyfill if necessary, effectively adding
+support for passkeys to any browser.
+
+## Compatibility
+
+There are currently no browser APIs that allow extensions to provide passkeys alongside the
+browser's native implementation. This means that the only way an extension can provide passkeys is
+by completely replacing the native implementation with its own. This is done by injecting a script
+into the page that replaces the native implementation with the extension's implementation. In
+practice, this is done by reassigning the `navigator.credentials.create` and
+`navigator.credentials.get` methods.
+
+To avoid implementing support for the entire FIDO2 ecosystem (hardware keys, CaBLE, etc.), the
+extension retains the ability to trigger the native implementation (usually referred to as a
+"fallback"), if the user chooses to not proceed with Bitwarden. In practice this is done by storing
+references to the native functions in separate variables before reassigning.
+
+## Architecture
+
+Bitwarden implements a simplified version of the FIDO2 architecture based solely on the
+[WebAuthn API specification](https://www.w3.org/TR/webauthn-3/). This is because the embedded
+`FIDO2 Authenticator` will never be used in a standalone context and does not need to support the
+full CTAP2 protocol.
+
+:::info
+
+`FIDO2 Client` is analogous to `WebAuthn Client` in the [FIDO2 Overview](../..#diagram), but is
+named differently due to naming conflicts with the RP implementation also in the Bitwarden codebase.
+See [Naming Convention](../../naming-convention) for more information.
+
+:::
+
+```kroki type=plantuml
+@startuml
+skinparam BackgroundColor transparent
+skinparam componentStyle rectangle
+
+title Browser extension FIDO2 architecture overview
+
+component "Browser" {
+    component "Web page" {
+        component "JavaScript Application"
+        component "Page Script" <<Injected>> {
+            component "Custom WebAuthn API"
+            component "Messenger" as pageScriptMessenger
+
+            [Custom WebAuthn API] -> [pageScriptMessenger]
+        }
+
+        component "Content Script" {
+            component "Messenger" as contentScriptMessenger
+        }
+
+        component "User Agent WebAuthn API" <<Native>>
+
+        [JavaScript Application] -> [Custom WebAuthn API]
+        [Custom WebAuthn API] --> [User Agent WebAuthn API]
+    }
+
+    component "Extension" {
+        component "Background Script"
+        component "FIDO2 Client"
+        component "FIDO2 Authenticator"
+        component "FIDO2 User Interface"
+        database "Vault"
+
+        [FIDO2 Client] -> [FIDO2 Authenticator]
+        [FIDO2 Authenticator] -> [Vault]
+        [FIDO2 Authenticator] --> [FIDO2 User Interface]
+    }
+
+    [pageScriptMessenger] <--> [contentScriptMessenger]
+    [contentScriptMessenger] --> [Background Script]
+    [Background Script] -> [FIDO2 Client]
+}
+@enduml
+```
+
+## Discoverability
+
+The browser extension respects discoverability requirements from RPs by saving a client-side
+discoverability flag in the passkey metadata (called `discoverable`). If this flag is set to
+`false`, the RP will need to provide the `credentialId` to Bitwarden in order to perform an
+assertion. If the flag is set to `true` the passkey will be discoverable using the `rpId`. The
+`userHandle` is always returned if available.
+
+## User presence
+
+The browser extension always requires user presence. This means that Bitwarden will never respond to
+a request without guaranteeing that the user has first interacted with their device somehow, by
+confirming or denying the request.
+
+## User verification
+
+The browser extension does not yet fully support user verification. This is a limitation of the
+existing user verification services. Full support for user verification will be added soon, via the
+user's unlock methods, such as a PIN or biometric unlock, with the master password as a fallback.
@@ -0,0 +1,16 @@
+---
+title: Provider
+sidebar_position: 1
+---
+
+# Overview
+
+Bitwarden can act as a Passkey Provider to generate and store passkeys for other applications.
+
+## Storage
+
+Passkeys are stored alongside and in the same way as passwords, using the same encryption and
+security. This includes both the private key and all related metadata. This data can be stored in
+both personal and organization vaults.
+
+Bitwarden only supports the client-side storage modality.
@@ -0,0 +1,40 @@
+---
+title: Relying Party
+sidebar_position: 1
+---
+
+# Overview
+
+Bitwarden can act as a Relying Party (RP) for passkeys. This means that you can log in to Bitwarden
+using a passkey. Bitwarden supports passkeys as a second factor of authentication (2FA) and as a
+primary factor of authentication. When used as a primary factor of authentication, Bitwarden will
+not require you to enter a username or password when logging in. In cases where your passkey
+[supports encryption](prf.md), your passkey will be able to decrypt your data as well. If your
+passkey does not support encryption, Bitwarden will prompt you to enter a password to unlock your
+vault.
+
+## Implementations
+
+Bitwarden currently has two implementations for authenticating users using passkeys:
+
+- Older 2FA "WebAuthn" implementation
+- Newer "Log in with Passkeys" implementation
+
+Both implementations use the same FIDO2 technologies, but are completely separate and share almost
+no code. From a user perspective "Log in with Passkeys" is a first-factor authentication method,
+while the older "WebAuthn" implementation is a second-factor. "Log in with Passkeys" takes advantage
+of FIDO2 User Verification and therefore completely replaces the other existing 2FA methods.
+
+The 2FA implementation will eventually be consolidated with the newer "Log in with Passkey"
+implementation.
+
+## Storage modality
+
+- The 2FA "WebAuthn" implementation supports both client-side and server-side storage mode.
+- The "Log in with Passkeys" implementation only supports the client-side storage mode.
+
+## Discoverability
+
+- The 2FA "WebAuthn" implementation does not support discoverability, as it is a second-factor
+  authentication method and supports the server-side storage mode.
+- The "Log in with Passkeys" implementation requires discoverable credentials.