Enable fido2 2FA on Linux

[quexten]

🎟️ Tracking

📔 Objective

Electron on Linux just supports fido2, same thing as with mac applies, no pinentry.
Sandboxed linux (snap/flatpak) need some further permissions before they can be enabled.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[github-actions]

Checkmarx One – Scan Summary & Details – 03552f0a-9cfc-4842-b49e-a8d748f8dada

New Issues (4)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-0611	Npm-electron-33.3.1	Vulnerable Package
	CVE-2024-12381	Npm-electron-33.3.1	Vulnerable Package
	CVE-2025-0612	Npm-electron-33.3.1	Vulnerable Package
	Client_Privacy_Violation	/libs/tools/generator/components/src/username-generator.component.html: 3	details Method at line 3 of /libs/tools/generator/components/src/username-generator.component.html sends user information outside the application. This ma... Attack Vector

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	Cx14b19a02-387a	Npm-body-parser-1.20.3

[codecov]

Codecov Report

Attention: Patch coverage is 0% with 1 line in your changes missing coverage. Please review.

Project coverage is 34.34%. Comparing base (4aa3b7e) to head (1716aff).

✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
...atform/services/electron-platform-utils.service.ts	0.00%	1 Missing ⚠️

Additional details and impacted files

@@                Coverage Diff                @@
##           km/fido-2-on-mac   #13038   +/-   ##
=================================================
  Coverage             34.34%   34.34%           
=================================================
  Files                  2965     2965           
  Lines                 90515    90514    -1     
  Branches              16977    16976    -1     
=================================================
  Hits                  31086    31086           
+ Misses                56965    56964    -1     
  Partials               2464     2464           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[Be-ing]

I tested on Linux and this works! 🎉 Thank you! That was much simpler than the past PRs for this; just had to wait for Electron to handle it 😄

There are some UX pitfalls though, particularly with inconsistencies between the desktop application and browser extension. With the browser extension, first I am prompted to open a tab (after entering the master password):

The page opened in that tab has an "Authenticate WebAuthn" button that needs to be clicked before my Yubikey blinks and touching it logs in.

In the desktop client, I see an "Authenticate WebAuthn" button that looks just like the tab the browser extension opens, so when I first tested it, I clicked it. However, that pops up a confusing error: "The authentication was cancelled or took too long. Please try again."

It took me a few tries to realize that I don't actually need to click that blue "Authenticate WebAuthn" button in the desktop client like I do in the browser extension. When the page is shown with that button, my Yubikey blinks without needing any interaction, unlike the browser extension. So I can simply tap my Yubikey and that error doesn't actually matter; it's just misleading.

I haven't tested on macOS or Windows, so I'm not sure if this is a platform-specific issue; I doubt it is. If this is a preexisting bug, I can open a new issue to track it.