Biometrics Prompt Should Not Ask For Permission Twice

[quexten]

Right now there are 2 prompts, one for authentication (polkit), and one for approval. It would be nicer to just have 1 prompt. Some polkit (or pam) authentication modules don't require interaction (f.e howdy). I'm not sure if we can detect this.

If we just accept this, then the "risk" would be that, using a no-interaction required auth method, a malicious app could trigger the biometrics prompt, and instantly get the vault user key from goldwarden, while the user is sitting in front of their computer.

[quexten]

For the record, I'm personally fine with either as long as the "risk" is described clearly to the user. Malicious applications on the same device are only a secondary goal to strive towards where reasonable. In this case, the usability is significantly hurt.

[c4tz]

I also think the risk (especially when using howdy, which itself states it is unsafe) is ok.

I think these would be possible options to handle this:

• Make the approval pop-up optional (e.g. by having a config entry / env var), so users with/without concerns could opt-in/out of having to "double" approve all requests
• Do the same as howdy and state in the docs that users who do not want to take this risk can add another (required) PAM/Polkit verification step in form of a password/PIN/etc.