amplify-ui: (React) UI Components don't support password managers

Describe the bug Browsers don’t recognize the input elements as Auth related.

-> No “password suggestion” on during account creation -> No autofill during sign in -> No prompt “save password?” during sign in

I’m not sure what details are necessary for this to work, but I tried setting the name attribute and others through formFields. But that didn’t help solve this issue. (https://www.chromium.org/developers/design-documents/form-styles-that-chromium-understands)

-> Form is not part of a “form” element -> The “sign in/up” buttons aren’t labelled as type “submit”

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 44
  • Comments: 52 (20 by maintainers)

Commits related to this issue

Most upvoted comments

Personally, I don’t think this should be labeled as a feature-request, this is a bug. Users are really confused about this.

Currently, there is no point in using the password component.

+22
fbiel on Mar 3, 2021

This is a blocker for us (and probably most people) to upgrade our version of Amplify without a workaround. Looks like this bug seems to have been there for a while, any news on when it will be fixed?

+21
adamjmarkham on Nov 3, 2020

The use of the shadow DOM is highly problematic, not just for password managers, but for testability, as DOM selectors need to be manually altered to work around the shadow DOM.

This should no doubt be a bug.

+10
24601 on Apr 24, 2021

With regards to our current components (before we publish the rewrite), we are looking at workaround that’ll allow saving username/password and autofilling credentials based on that (~branch~ PR https://github.com/aws-amplify/amplify-js/pull/8181).

Kapture 2021-04-20 at 16 46 09 (1)

This workaround does not support dropdown for multiple credentials, but this will at least allow for a credential save and autofill (edit: on chrome and firefox) while we work on the rewrite. Please let us know with any feedback or suggestions. We’ll work on getting the workaround tested and reviewed meanwhile.

+9
wlee221 on Apr 28, 2021

Hello all, we just merged in the password manager workaround (pr aws-amplify/amplify-js#8181). This is now available in unstable npm tag and will be published in the next release cycle. To use this workaround, you need to wrap your authenticator with AmplifyAuthContainer:

<AmplifyAuthContainer>
  <AmplifyAuthenticator>
    ...
  </AmplifyAuthenticator>
</AmplifyAuthContainer>

(or with amplify-auth-container on vue/angular). Under the hood, AmplifyAuthContainer contains a hidden form that is not shadowed and thus gets autofilled. Then we use event listeners to send that autofill down to the amplify-authenticator.

This workaround works for Chrome and Firefox. Safari does not trigger credentials save even when form shadows are disabled, so this will be a limitation until our rewrite. Please let us know with any questions or issues with this solution. We’ll keep this issue open to track this until this is completely resolved.

+8
wlee221 on Apr 28, 2021

Any news on this topic? This is a really annoying bug!

+7
p0fi on Jan 22, 2021

Hi @strugman , we have added support for password managers to our new Authenticator, which is currently under the @next tag.

Link to our documentation - https://ui.docs.amplify.aws/ui/components/authenticator?platform=react

And a link to a small test checking for support - https://github.com/aws-amplify/amplify-ui/blob/main/packages/e2e/features/ui/components/authenticator/sign-up-with-username.feature#L30-L33

If you’d like, give it a try and see if the new version works better for you!

+3
eddiekeller on Oct 5, 2021

same issue with aws-amplify-angular

+3
richiewebgate on Jul 28, 2020

Hello, apologies on the late response here. The new authenticator is being actively developed in a separate repo aws-amplify/amplify-ui repository. This version will have full support for both browser and third party password managers (addressed specifically in https://github.com/aws-amplify/amplify-ui/pull/357. We are looking to make our first pre-release soon, after which you can try new versions for feedbacks or early adoption. The progress can be tracked in the ui repo.

This new version makes multiple improvements that are listed in detail in RFC: Authenticator@next on top of password manager support, so we’d appreciate any feedback there. Thanks for your patience while we work through it, and as always feedbacks / contributions are welcome.

+2
wlee221 on Sep 14, 2021

It will. The rewrite will stick with the best html practices to support a broad variety of password managers, which really boils down to not using shadow DOM.

+2
wlee221 on May 13, 2021

@ClaudioVR, No let me clarify this a little bit.

<amplify-auth-container>
  <amplify-authenticator></amplify-authenticator>
</amplify-auth-container>

I have a docs PR https://github.com/aws-amplify/docs/pull/3224 that I’ll merge soon.

+2
wlee221 on May 13, 2021

@cburkins, we’ve given this more thought and we will be modifying the HOC to include this workaround by default. We’ll create a PR soon.

+2
wlee221 on May 4, 2021

I’m currently enjoying the simplicity of using the withAuthenticator HOC. As such, am I easily able to deploy this ? I’m not sure how to apply “you need to wrap your authenticator with AmplifyAuthContainer”

+2
cburkins on May 2, 2021

Any updates on this?

+2
TAConsulting on Oct 28, 2020

does not work with @aws-amplify/ui-vue either

+2
PeterBurner on Jul 28, 2020

Vaadin login component handles this by not using the shadow dom for the form https://github.com/vaadin/vaadin-login/blob/9e76baf5e8a7dccf5e65116d0fc91b49ea3bdf2a/src/vaadin-login-form.html#L50

+2
anantoghosh on Jul 23, 2020

@markcarroll Yes we do! https://github.com/aws-amplify/amplify-ui/milestone/1

+1
ericclemmons on Nov 2, 2021

@patti-berchi do you mean you got the password-manager working? I am using 1password, latest versions … “aws-amplify”: “^4.2.1”, “@aws-amplify/ui-components”: “^1.7.0”, “@aws-amplify/ui-vue”: “^1.1.1”, …

Reinstalled everything; added even the formfields with autocomplete; no luck sofar.

@wlee221 how long for the version without the shadow-dom (or is it released and I missed it completely … )

+1
hrietman on Jul 27, 2021

You’re welcome! We just merged aws-amplify/amplify-js#8243 to support withAuthenticator – you shouldn’t need to update any code to use this workaround. This has some restrictions as stated before, but hopefully this will alleviate some of the accessibility pain while we work on the rewrite.

The fix will hit unstable soon and will be published in the next release cycle. We’ll fix this issue more completely on our rewrite (without hidden forms 😄 ) and close this issue then. I’ll mark this back to feature-request as a workaround has been provided. Thanks for your patience!

+1
wlee221 on May 12, 2021

Any progress on this? its a unpleasant missing feature.

+1
DavidNelsonCordelia on Mar 31, 2021

@ryan-mars The issue is using of shadow dom for the form (not using plain HTML for the form). I tried to force the components to be in compatibility mode.

It works on Firefox. On chrome, it only saves the password but it won’t let you use it.

It could be hacked together with this https://developers.google.com/web/fundamentals/security/credential-management to make it work but it’s not a solution.

+1
fdobrovolny on Jan 25, 2021

Seems that the usage of shadow DOM is the root cause: https://bugs.chromium.org/p/chromium/issues/detail?id=770175

+1
Purii on Jul 22, 2020
Read more comments on GitHub
← amplify-ui: Jest test fails on error thrown by package `mapbox-gl`
amplify-ui: Social login is not properly doing redirect (Only Angular) →