HTTP Basic Authentication not supported in Safari 5.1

DjPadz

My main frustration here is that it [i]used[/i] to work. I realize that the extension API is now the preferred way of extending Safari's functionality, but, using the old native plug-in API, 1Password supported HTTP auth. Now it doesn't. It's probably more code to maintain, and it's not a well-supported means for extending Safari, but it worked, and it worked really well.



I think that the decision to rewrite the 1Password plugin as a Safari extension was a big step backwards. Could we bring back the plugin?

andrewrodney

I too am not happy with the new behavior and usage. In several cases, there are log-in’s that provide a totally modal dialog that requires a log in, yet I have no access to the new button in the toolbar. In the past, the Safari Menu item was of course accessible.

zman

logins do not work on htaccess on latest stable build of safari and lion os x.

roustem

Safari extension API does not allow extensions to access the HTTP Auth windows. We are looking for a workaround solution.

sledmonkey

[quote name='roustem' timestamp='1311804506' post='34419']

Safari extension API does not allow extensions to access the HTTP Auth windows. We are looking for a workaround solution.

[/quote]



That would be nice. A major bummer it doesn't work anymore.

khad

Welcome to the forums, DjPadz!



Oh, how I do wish it was that simple! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/blink.gif' class='bbc_emoticon' alt=':blink:' />



Previously, we were [b]not[/b] actually using any kind of "plugin" API. We were using "Scripting Additions" which Apple has now completely removed. The [b]only[/b] option at this point is to provide an extension using Safari's extension APIs. This is not just the "preferred way". There is no other option. There is no going back. That is simply and plainly impossible at this juncture. Five years of code went out the window. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_worried.png' class='bbc_emoticon' alt=':S' />



[url="http://help.agilebits.com/1Password3/http_auth.html"]We are working on a way around this limitation in the extension APIs regarding HTTP auth prompts[/url], but the rug was sort of pulled out from underneath us and I don't have a time frame for when this particular feature can or will be added back.



Again, I'm sorry I don't have a better answer, but the decision was made by Apple. [url="http://help.agilebits.com/1Password3/safari_5.1_intro.html"]There are many benefits to the new extension[/url], but this is one down side at the moment. In the mean time, you can save the HTTP auth prompt password in the OS X keychain by checking the box to "Remember this password in my keychain".



Please let me know if there is anything else I can help with.

DjPadz

[quote name='khad' timestamp='1311837420' post='34543']

Welcome to the forums, DjPadz!



Oh, how I do wish it was that simple! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/blink.gif' class='bbc_emoticon' alt=':blink:' />



Previously, we were [b]not[/b] actually using any kind of "plugin" API. We were using "Scripting Additions" which Apple has now completely removed. The [b]only[/b] option at this point is to provide an extension using Safari's extension APIs. This is not just the "preferred way". There is no other option. There is no going back. That is simply and plainly impossible at this juncture. Five years of code went out the window. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_worried.png' class='bbc_emoticon' alt=':S' />

[/quote]



Apologies for the confusion there (as well as the misnomer). I hadn't realized that Scripting Additions were dropped in Safari 5.



Thanks for the clarification, and best of luck getting it working!



--Dj

dteare

[quote name='DjPadz' timestamp='1311879971' post='34732']

Thanks for the clarification, and best of luck getting it working!

[/quote]



Thank you!

TerriZeee

Still running Snow Leopard and I ended up copying Safari 5.05 from another Mac of mine and naming it SafariOLD and life is good again. I was rather surprised that this worked.



1Password not working in HTTP Authentication dialogs was a complete deal killer for me.

khad

For anyone interested, you can use the new extension to copy and paste credentials into the HTTP auth prompts [i]directly within[/i] Safari 5.1 which is much simpler than opening the main application.



Click the circled > or use the right arrow key with the Login selected, then copy the password to the clipboard. You can then paste it directly into the HTTP Auth prompt without leaving the browser. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

fongd

[quote name='khad' timestamp='1311912137' post='34839']

For anyone interested, you can use the new extension to copy and paste credentials into the HTTP auth prompts [i]directly within[/i] Safari 5.1 which is much simpler than opening the main application.



Click the circled > or use the right arrow key with the Login selected, then copy the password to the clipboard. You can then paste it directly into the HTTP Auth prompt without leaving the browser. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

[/quote]



Hmm, just tried this now. Perhaps I'm missing something, but I had a heck of a time getting it to work.



For starters, when I brought up the 1Password dialog after the HTTP auth prompt appeared, I was prompted for my master password. However, the 1Password dialog would never take focus, so my master password kept getting entered into the username field of the HTTP auth dialog. Not good.



I canceled out, opened the 1Password dialog to unlock it, then tried again. I was able to access the 1Password dialog with the HTTP auth window open but I could only copy the password, not the username. It would be better if I could copy both and paste into the HTTP auth dialog while 1Password's is open, although I suppose there's an API restriction preventing that.



Also, I had to double-click the circled ">" to expand it. Shouldn't a single click be enough?



-Derek

joco

How do you get this new version to work with a standard login window?????

khad

Hey Derek,



You do need to copy the password before you access the HTTP Auth prompt since extensions are not available in the modal state that the HTTP Auth prompt creates. A single-click works for me using the latest version of the extension, and I am able to copy any field (not just the password field).



Please let me know if updating to at least 1Password 3.7.0 and version 3.7.b7 of the Safari extension helps.



Again, this is not ideal, but until we can develop a solution for the limitation in the Safari extension APIs this is a possible workaround.



Cheers,

khad

joco,



I took a guess at what you meant and merged your post with this thread. Please see above and let me know if you have any additional questions or concerns. I can always split your post from this thread if I have misunderstood what you meant.

joco

[quote name='khad' timestamp='1312198451' post='35590']

joco,



I took a guess at what you meant and merged your post with this thread. Please see above and let me know if you have any additional questions or concerns. I can always split your post from this thread if I have misunderstood what you meant.

[/quote]



Nope thats what I meant. Geez you guys broke ALOT of stuff!!!

DjPadz

[quote name='joco' timestamp='1312260079' post='35901']

Nope thats what I meant. Geez you guys broke ALOT of stuff!!!

[/quote]



Joco, you might want to read the earlier posts in this thread... Truth be told, AB didn't break anything (and, I admit, I'm guilty of having thought that initially, too); the new version of Safari simply doesn't support the mechanism that was used by the previous version of the plugin, to handle HTTP authentication, or any mechanism for doing HTTP authentication, for that matter. As a matter of fact, the new extension is a complete rewrite of the old code, because none of it could be ported over. I'd say they're doing a bang-up job so far, and, once a way to handle HTTP authentication is handled, I'm fully confident that they'll make it work.



My $0.02



--Dj

[Deleted User]

Thanks for the support, Dj, we really appreciate it.



I know we're looking into some ways to handle HTTP Authentication prompts for the future, but my understanding is that these won't be something we can just implement overnight.



What I've been personally doing for the few HTTP Auth. logins I use is to use the option to save them to my OS X Keychain, though this is probably only a good idea if no-one else has access to your system.



[quote name='DjPadz' timestamp='1312268853' post='35919']

Joco, you might want to read the earlier posts in this thread... Truth be told, AB didn't break anything (and, I admit, I'm guilty of having thought that initially, too); the new version of Safari simply doesn't support the mechanism that was used by the previous version of the plugin, to handle HTTP authentication, or any mechanism for doing HTTP authentication, for that matter. As a matter of fact, the new extension is a complete rewrite of the old code, because none of it could be ported over. I'd say they're doing a bang-up job so far, and, once a way to handle HTTP authentication is handled, I'm fully confident that they'll make it work.



My $0.02



--Dj

[/quote]

Daenney

I don't think that the "but only if someone else hasn't access to your system" really matters.



If all is well you don't allow people to use your account when you're not around for a sheer number of reasons, access to your Mail, Calendars, Contacts and so forth. Since they need you password to log in to your account and thus to unlock the keychain nothing bad can happen.

Of course if you just let everyone use your system and haven't even minimum protection for your account in place then well... you really ought to just... you know... shoot yourself in the foot or something.



Additionally through Keychain Access you can set two additional properties for access to your password: 1: Confirm before allowing access and 2) Ask for keychain password. Even if someone else is still using your system, as long as they don't know your login/keychain password those accounts are just as safe. Of course, if you're login/keychain password is something stupid as "qwerty1234" it won't matter much but I figure anyone using 1Password is a bit more paranoid about decent passwords.





On the same front, anything new about auth in HTTPAuth-modals?

[Deleted User]

Thanks for the post Daenney, and the very helpful tip about access control for Keychain items, I honestly didn't know about that one myself.



[quote name='Daenney' timestamp='1312303455' post='36046']

I don't think that the "but only if someone else hasn't access to your system" really matters.



If all is well you don't allow people to use your account when you're not around for a sheer number of reasons, access to your Mail, Calendars, Contacts and so forth. Since they need you password to log in to your account and thus to unlock the keychain nothing bad can happen.



Of course if you just let everyone use your system and haven't even minimum protection for your account in place then well... you really ought to just... you know... shoot yourself in the foot or something.[/quote]



That's a really good point, I know many people who don't take care of their personal data and just leave their system unlocked with everything set to auto-login.



There's two things in computing life that wind me up, people who don't take sensible security precautions and people who don't backup. If anyone is reading this post and isn't using something like Time Machine to backup their data, please stop reading here and go and set it up, yes, right now.



[quote]On the same front, anything new about auth in HTTPAuth-modals?[/quote]



We just can't interact with them at the moment, there's no APIs for this in Safari's extension framework, so honestly I can't say if or when we may be able to have a workaround in place.

DjPadz

[quote name='stu' timestamp='1312304405' post='36053']

We just can't interact with them at the moment, there's no APIs for this in Safari's extension framework, so honestly I can't say if or when we may be able to have a workaround in place.

[/quote]



Just a random thought... What about implementing HTTP auth auto-fill as either an input method, or as a contextual menu item? In the latter case, the user would have to right-click in each of the username and password fields to fill in the appropriate values, but it might also make for a good "universal" means of autofilling 1Password data into any application.

[Deleted User]

That's certainly something we're exploring, one way to work around the Safari extension limitations would be to implement something on a 'global' scale that could be used system wide.



There's quite a few challenges with this, but I think it's one of the better options as it, as you pointed out, opens up the ability for 1Password to fill details into other applications too.



I'm not going to promise when we'll have something available, because honestly we don't know ourselves right now as our focus is on getting everything in place with the Safari extension itself.





[quote name='DjPadz' timestamp='1312304820' post='36054']

Just a random thought... What about implementing HTTP auth auto-fill as either an input method, or as a contextual menu item? In the latter case, the user would have to right-click in each of the username and password fields to fill in the appropriate values, but it might also make for a good "universal" means of autofilling 1Password data into any application.

[/quote]

Daenney

[quote name='stu' timestamp='1312305226' post='36057']

That's certainly something we're exploring, one way to work around the Safari extension limitations would be to implement something on a 'global' scale that could be used system wide.



There's quite a few challenges with this, but I think it's one of the better options as it, as you pointed out, opens up the ability for 1Password to fill details into other applications too.



I'm not going to promise when we'll have something available, because honestly we don't know ourselves right now as our focus is on getting everything in place with the Safari extension itself.

[/quote]



That would in essence combine the fix for this with: http://forum.agile.ws/index.php?/topic/5358-feature-request-auto-type/





[quote name='stu' timestamp='1312304405' post='36053']

Thanks for the post Daenney, and the very helpful tip about access control for Keychain items, I honestly didn't know about that one myself.

[/quote]



Almost no-one seems to, I'm unsure if that existed prior to Lion I must say. Stumbled across it accidentally when I was trying to get CoRD to still prompt me for a password even if it was already filled in for the remote desktop connection.

[Deleted User]

[quote name='Daenney' timestamp='1312316045' post='36145']

That would in essence combine the fix for this with: http://forum.agile.ws/index.php?/topic/5358-feature-request-auto-type/[/quote]



It would indeed, and I think that's the aim too, it would be silly to implement something that would just be used for HTTP Auth when there's a lot more potential too.



[quote]Almost no-one seems to, I'm unsure if that existed prior to Lion I must say. Stumbled across it accidentally when I was trying to get CoRD to still prompt me for a password even if it was already filled in for the remote desktop connection.[/quote]



One of the things that always makes me smile is how much power there truly is under the hood of OS X, but I guess that's what we get for having a true UNIX based OS <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />

canadian4evr

When I try to login to my router, or other websites that require authentication without using a form 1Password doesn't automatically ask you to save the login details.



This has been broken since I upgraded to Lion. I have upgraded both the safari extensions as well as the 1Password applications today but the issues remain.



I've attached a screenshot showing what I mean.

khad

Welcome to the forums, canadian4evr! Your username will certain endear you to the co-founders here. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



I merged your post with the related thread. Please see above for more details, but the short version is that the Safari 5.1 extension APIs do not provide access to "HTTP Auth prompts" like the one your router uses.



We are working on a solution, but there is not a time frame at the moment.



Please let me know if you have any additional questions or concerns. We are always here to help!

bar

[quote name='brenty' timestamp='1310707742' post='32055']

[url="http://help.agilebits.com/1Password3/http_auth.html"]This is indeed a "known issue"[/url], in that the Safari extension API -- [url="http://help.agilebits.com/1Password3/google_chrome_details.html#http_authentication_prompts"]likewise with Chrome[/url] -- does not allow for interacting with HTTP Auth prompts. If they allow this in the future, we would love to get this working; but for now this is simply not possible.

[/quote]



Hi,

This functionality is most important for me. Without that 1Password is practically uselessfor me.

Ben

Hi bar,



Welcome to the forums. HTTP auth should still work in Firefox with 1Password. That's the best I've got at the moment.



Thanks

Ben

Daenney

Another thing that crossed my mind. Did anyone contact Apple and/or the WebKit community to see if there's a way they can actually provide an API to influence modal dialogues?



Especially for extensions such as 1Password it makes sense and 1P is not the only password manager around for Safari/WebKit so perhaps some developers would like to pick this up.

dteare

[quote name='Daenney' timestamp='1313069711' post='38532']

Another thing that crossed my mind. Did anyone contact Apple and/or the WebKit community to see if there's a way they can actually provide an API to influence modal dialogues?

[/quote]



I talked directly with some of the Safari engineers during WWDC and I didn't get the feeling this was a high priority for them. Http Auth is a pretty old technology and perhaps Apple (and Google) are hoping it dies before they need to add support. Like Flash on iOS.



Given this, it appears we're on our own, at least for now. If we're going to support Http Auth we will need to find a creative workaround. We have some ideas in mind but they are rather large changes so it will be quite some time before these ideas come to fruition.

Daenney

[quote name='dteare' timestamp='1313076907' post='38556']



I talked directly with some of the Safari engineers during WWDC and I didn't get the feeling this was a high priority for them. Http Auth is a pretty old technology and perhaps Apple (and Google) are hoping it dies before they need to add support. Like Flash on iOS.

[/quote]



That's just stupid on their part. There's nothing wrong with HTTP Auth as long as it is done securely (same goes for any login) over SSL. HTTP Auth has been around for ages and is insanely simple to setup to protect an app or a directory, not everything needs a complete login and session(validation) framework.

Heck, even "important" stuff like version-controlsystems default to HTTP Auth for most of their transactions (git being the obvious exception).