Bumped version to 2024.3.0 (#3080)

(cherry picked from commit e7f9d64edb)

.github/CODEOWNERS

@@ -30,14 +30,14 @@ src/watchOS @bitwarden/team-vault-dev
 src/Core/Services/EmailForwarders @bitwarden/team-tools-dev
 
 ## Crowdin Sync files ##
-src/App/Resources @bitwarden/team-tools-dev
+src/Core/Resources/Localization @bitwarden/team-tools-dev
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization @bitwarden/team-tools-dev
 store/apple @bitwarden/team-tools-dev
 store/google @bitwarden/team-tools-dev
 
 ## Locales ## 
-src/App/Resources/AppResources.Designer.cs
-src/App/Resources/AppResources.resx
+src/Core/Resources/Localization/AppResources.Designer.cs
+src/Core/Resources/Localization/AppResources.resx
 src/watchOS/bitwarden/bitwarden\ WatchKit\ Extension/Localization/en.lproj
 store/apple/en
 store/google/en

.github/secrets/google-services.json.gpg

@@ -1,3 +0,0 @@
-<EFBFBD>
-	K<>Y#<23>(<28><><EFBFBD><EFBFBD>
EI֐߄T?)l<><6C><EFBFBD><18><><10>"=<3D>|<7C>'e<><0E>m<EFBFBD>/~<7E><>'F<><46>><3E><><EFBFBD><EFBFBD>l<EFBFBD>b<EFBFBD>[<5B>+R<><52>iL<69><4C>"<22><><EFBFBD>~V:<3A><>p<EFBFBD>a<17>ڵel%8t<38><74>튖<EFBFBD>y<<3C>n<EFBFBD><6E><EFBFBD>aU<61>w<16>JD<4A><44><1F><>We<57>9<EFBFBD><39><EFBFBD><EFBFBD><x8d<38>O<EFBFBD>j\<14>ד<EFBFBD><D793><EFBFBD>Vq<56><71>֋
-Ǻ<EFBFBD>-<2D>#<23><><11><>]$<24>(<28>l,<2C>Br<42><02><>d<><64><EFBFBD>•a-<2D><><EFBFBD>:<3A><>:<3A><04>9b,!Em<02><19><>Qf<>D<EFBFBD>g<EFBFBD><06><0E>x(P<>ȡ~<7E>͹<EFBFBD><CDB9>	<09><>[<06><>!:<3A>;f<><66>

.github/workflows/build-beta.yml

@@ -0,0 +1,5 @@
+---
+name: Build Beta
+
+on:
+  workflow_dispatch:

.github/workflows/build.yml

@@ -31,6 +31,7 @@ jobs:
       - name: Print lines of code
         run: cloc --vcs git --exclude-dir Resources,store,test,Properties --include-lang C#,XAML
 
+
   setup:
     name: Setup
     runs-on: ubuntu-22.04
@@ -58,6 +59,7 @@ jobs:
             echo "hotfix_branch_exists=0" >> $GITHUB_OUTPUT
           fi
 
+
   android:
     name: Android
     runs-on: windows-2022
@@ -67,7 +69,8 @@ jobs:
       matrix:
         variant: ["prod", "qa"]
     env:
-      android_folder_path: src/App/Platforms/Android
+      android_folder_path: src\App\Platforms\Android
+      android_folder_path_bash: src/App/Platforms/Android
     steps:
       - name: Setup NuGet
         uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
@@ -82,7 +85,7 @@ jobs:
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3
 
-      # This step might be obsolete at some point as .NET MAUI workloads 
+      # This step might be obsolete at some point as .NET MAUI workloads
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -93,7 +96,8 @@ jobs:
       - name: Install Microsoft OpenJDK 11
         run: |
           choco install microsoft-openjdk11 --no-progress
-          Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+          Write-Output "JAVA_HOME=$(Get-ChildItem -Path 'C:\Program Files\Microsoft\jdk*' | `
+            Select -First 1 -ExpandProperty FullName)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
           Write-Output "Java Home: $env:JAVA_HOME"
 
       - name: Print environment
@@ -109,27 +113,34 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Decrypt secrets
-        env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
-        run: |
-          mkdir -p ~/secrets
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./${{ env.main_app_folder_path }}/app_play-keystore.jks ./.github/secrets/app_play-keystore.jks.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./${{ env.main_app_folder_path }}/app_upload-keystore.jks ./.github/secrets/app_upload-keystore.jks.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/play_creds.json ./.github/secrets/play_creds.json.gpg
+      - name: Download secrets
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+        run: |
+          mkdir -p $HOME/secrets
+
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name app_play-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_play-keystore.jks --output none
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name app_upload-keystore.jks --file ./${{ env.android_folder_path_bash }}/app_upload-keystore.jks --output none
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name play_creds.json --file $HOME/secrets/play_creds.json --output none
         shell: bash
 
-      - name: Decrypt secrets - Google Services
+      - name: Download secrets - Google Services
         if: ${{ matrix.variant == 'prod' }}
         env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
         run: |
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./${{ env.android_folder_path }}/google-services.json ./.github/secrets/google-services.json.gpg
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name google-services.json --file ./${{ env.android_folder_path_bash }}/google-services.json --output none
         shell: bash
 
       - name: Increment version
@@ -139,9 +150,9 @@ jobs:
           echo "########################################"
           echo "##### Setting Version Code $BUILD_NUMBER"
           echo "########################################"
-          
+
           sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
-            ./${{ env.android_folder_path }}/AndroidManifest.xml
+            ./${{ env.android_folder_path_bash }}/AndroidManifest.xml
         shell: bash
 
       - name: Restore packages
@@ -150,78 +161,70 @@ jobs:
       - name: Restore tools
         run: dotnet tool restore
 
-      # - name: Verify Format
-      #   run: dotnet tool run dotnet-format --check
+      # - name: Run Core tests
+      #   run: |
+      #     dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" `
+      #       /p:CustomConstants=UT
 
-      - name: Run Core tests
-        run: dotnet test test/Core.Test/Core.Test.csproj --logger "trx;LogFileName=test-results.trx" /p:CustomConstants=UT
-
-      - name: Report test results
-        uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
-        if: always()
-        with:
-          name: Test Results
-          path: "**/test-results.trx"
-          reporter: dotnet-trx
-          fail-on-error: true
+      # - name: Report test results
+      #   uses: dorny/test-reporter@eaa763f6ffc21c7a37837f56cd5f9737f27fc6c8 # v1.8.0
+      #   if: always()
+      #   with:
+      #     name: Test Results
+      #     path: "**/test-results.trx"
+      #     reporter: dotnet-trx
+      #     fail-on-error: true
 
       - name: Build Play Store publisher
         if: ${{ matrix.variant == 'prod' }}
-        run: dotnet build ./store/google/Publisher/Publisher.csproj -p:Configuration=Release
+        run: dotnet build .\store\google\Publisher\Publisher.csproj /p:Configuration=Release
 
       - name: Setup Android build  (${{ matrix.variant }})
         run: dotnet cake build.cake --target Android --variant ${{ matrix.variant }}
 
-      - name: Build Android
-        run: |
-          $configuration = "Release";
-          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
-
-          Write-Output "########################################"
-          Write-Output "##### Build $configuration Configuration"
-          Write-Output "########################################"
-          
-          dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android
-
-      - name: Sign Android Build
+      - name: Build & Sign Android
         env:
           PLAY_KEYSTORE_PASSWORD: ${{ secrets.PLAY_KEYSTORE_PASSWORD }}
           UPLOAD_KEYSTORE_PASSWORD: ${{ secrets.UPLOAD_KEYSTORE_PASSWORD }}
         run: |
-          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+          $projToBuild = "$($env:GITHUB_WORKSPACE)/${{ env.main_app_project_path }}";
           $packageName = "com.x8bit.bitwarden";
 
           if ("${{ matrix.variant }}" -ne "prod")
           {
             $packageName = "com.x8bit.bitwarden.${{ matrix.variant }}";
           }
-          Write-Output "########################################"
           Write-Output "##### Sign Google Play Bundle Release Configuration"
-          Write-Output "########################################"
 
-          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidPackageFormats=aab /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_upload-keystore.jks") /p:AndroidSigningKeyAlias=upload /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
+          $signingUploadKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_upload-keystore.jks"
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
+            /p:AndroidPackageFormats=aab `
+            /p:AndroidKeyStore=true `
+            /p:AndroidSigningKeyStore=$signingUploadKeyStore `
+            /p:AndroidSigningKeyAlias=upload `
+            /p:AndroidSigningKeyPass="$($env:UPLOAD_KEYSTORE_PASSWORD)" `
+            /p:AndroidSigningStorePass="$($env:UPLOAD_KEYSTORE_PASSWORD)" --no-restore
 
-          Write-Output "########################################"
           Write-Output "##### Copy Google Play Bundle to project root"
-          Write-Output "########################################"
 
-          $signedAabPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.aab");
-          $signedAabDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).aab");
+          $signedAabPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.aab";
+          $signedAabDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).aab";
           Copy-Item $signedAabPath $signedAabDestPath
 
-          Write-Output "########################################"
           Write-Output "##### Sign APK Release Configuration"
-          Write-Output "########################################"
 
-          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_play-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
+          $signingPlayKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_play-keystore.jks"
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
+            /p:AndroidKeyStore=true `
+            /p:AndroidSigningKeyStore=$signingPlayKeyStore `
+            /p:AndroidSigningKeyAlias=bitwarden `
+            /p:AndroidSigningKeyPass="$($env:PLAY_KEYSTORE_PASSWORD)" `
+            /p:AndroidSigningStorePass="$($env:PLAY_KEYSTORE_PASSWORD)" --no-restore
 
-          Write-Output "########################################"
           Write-Output "##### Copy Release APK to project root"
-          Write-Output "########################################"
-
-          $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk");
-          $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/$($packageName).apk");
 
+          $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk";
+          $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\$($packageName).apk";
           Copy-Item $signedApkPath $signedApkDestPath
 
       - name: Upload Prod .aab artifact
@@ -283,20 +286,20 @@ jobs:
           || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
           || github.ref == 'refs/heads/hotfix-rc' ) }}
         run: |
-          PUBLISHER_PATH="$GITHUB_WORKSPACE/store/google/Publisher/bin/Release/net7.0/Publisher.dll"
-          CREDS_PATH="$HOME/secrets/play_creds.json"
-          AAB_PATH="$GITHUB_WORKSPACE/com.x8bit.bitwarden.aab"
-          TRACK="internal"
+          $publisherPath = "$($env:GITHUB_WORKSPACE)\store\google\Publisher\bin\Release\net8.0\Publisher.dll"
+          $credsPath = "$($HOME)\secrets\play_creds.json"
+          $aabPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden.aab"
+          $track = "internal"
 
-          dotnet $PUBLISHER_PATH $CREDS_PATH $AAB_PATH $TRACK
-        shell: bash
+          dotnet $publisherPath $credsPath $aabPath $track
 
 
   f-droid:
     name: F-Droid Build
     runs-on: windows-2022
     env:
-      android_folder_path: src/App/Platforms/Android
+      android_folder_path: src\App\Platforms\Android
+      android_folder_path_bash: src/App/Platforms/Android
       android_manifest_path: src/App/Platforms/Android/AndroidManifest.xml
     steps:
       - name: Setup NuGet
@@ -312,7 +315,7 @@ jobs:
       - name: Set up MSBuild
         uses: microsoft/setup-msbuild@ede762b26a2de8d110bb5a3db4d7e0e080c0e917 # v1.3.3
 
-      # This step might be obsolete at some point as .NET MAUI workloads 
+      # This step might be obsolete at some point as .NET MAUI workloads
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -337,23 +340,25 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Decrypt secrets
-        env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
-        run: |
-          mkdir -p ~/secrets
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./${{ env.main_app_folder_path }}/app_fdroid-keystore.jks ./.github/secrets/app_fdroid-keystore.jks.gpg
+      - name: Download secrets
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+          FILE: app_fdroid-keystore.jks
+        run: |
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
+            --file ${{ env.android_folder_path_bash }}/$FILE --output none
         shell: bash
 
       - name: Increment version
         run: |
           BUILD_NUMBER=$((3000 + $GITHUB_RUN_NUMBER))
-
-          echo "########################################"
           echo "##### Setting Version Code $BUILD_NUMBER"
-          echo "########################################"
 
           sed -i "s/android:versionCode=\"1\"/android:versionCode=\"$BUILD_NUMBER\"/" \
             ./${{ env.android_manifest_path }}
@@ -366,16 +371,12 @@ jobs:
 
           $androidManifest = $($env:GITHUB_WORKSPACE + "/${{ env.android_manifest_path }}");
 
-          Write-Output "########################################"
-          Write-Output "##### Backup project files"
-          Write-Output "########################################"
+          Write-Output "##### Back up project files"
 
           Copy-Item $androidManifest $($androidManifest + ".original");
           Copy-Item $appPath $($appPath + ".original");
 
-          Write-Output "########################################"
           Write-Output "##### Cleanup Android Manifest"
-          Write-Output "########################################"
 
           $xml=New-Object XML;
           $xml.Load($androidManifest);
@@ -388,36 +389,28 @@ jobs:
       - name: Restore packages
         run: dotnet restore
 
-      - name: Build for F-Droid
-        run: |
-          $configuration = "Release";
-          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
-
-          Write-Output "########################################"
-          Write-Output "##### Build $configuration FDROID
-          Write-Output "########################################"
-          
-          dotnet build $projToBuild -c $configuration -f ${{ env.target-net-version }}-android /p:CustomConstants="FDROID"
-
-      - name: Sign for F-Droid
+      - name: Build & Sign F-Droid
         env:
           FDROID_KEYSTORE_PASSWORD: ${{ secrets.FDROID_KEYSTORE_PASSWORD }}
         run: |
-          $projToBuild = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_project_path }}");
+          $projToBuild = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_project_path }}";
           $packageName = "com.x8bit.bitwarden";
 
-          Write-Output "########################################"
           Write-Output "##### Sign FDroid"
-          Write-Output "########################################"
 
-          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android /p:AndroidKeyStore=true /p:AndroidSigningKeyStore=$("app_fdroid-keystore.jks") /p:AndroidSigningKeyAlias=bitwarden /p:AndroidSigningKeyPass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:AndroidSigningStorePass="$($env:FDROID_KEYSTORE_PASSWORD)" /p:CustomConstants="FDROID" --no-restore
+          $signingFdroidKeyStore = "$($env:GITHUB_WORKSPACE)\${{ env.android_folder_path }}\app_fdroid-keystore.jks"
+          dotnet publish $projToBuild -c Release -f ${{ env.target-net-version }}-android `
+            /p:AndroidKeyStore=true `
+            /p:AndroidSigningKeyStore=$signingFdroidKeyStore `
+            /p:AndroidSigningKeyAlias=bitwarden `
+            /p:AndroidSigningKeyPass="$($env:FDROID_KEYSTORE_PASSWORD)" `
+            /p:AndroidSigningStorePass="$($env:FDROID_KEYSTORE_PASSWORD)" `
+            /p:CustomConstants="FDROID" --no-restore
 
-          Write-Output "########################################"
           Write-Output "##### Copy FDroid apk to project root"
-          Write-Output "########################################"
 
-          $signedApkPath = $($env:GITHUB_WORKSPACE + "/${{ env.main_app_folder_path }}/bin/Release/${{ env.target-net-version }}-android/publish/$($packageName)-Signed.apk");
-          $signedApkDestPath = $($env:GITHUB_WORKSPACE + "/com.x8bit.bitwarden-fdroid.apk");
+          $signedApkPath = "$($env:GITHUB_WORKSPACE)\${{ env.main_app_folder_path }}\bin\Release\${{ env.target-net-version }}-android\publish\$($packageName)-Signed.apk";
+          $signedApkDestPath = "$($env:GITHUB_WORKSPACE)\com.x8bit.bitwarden-fdroid.apk";
 
           Copy-Item $signedApkPath $signedApkDestPath
 
@@ -440,6 +433,7 @@ jobs:
           path: ./bw-fdroid-apk-sha256.txt
           if-no-files-found: error
 
+
   ios:
     name: Apple iOS
     runs-on: macos-13
@@ -458,13 +452,13 @@ jobs:
         uses: nuget/setup-nuget@296fd3ccf8528660c91106efefe2364482f86d6f # v1.2.0
         with:
           nuget-version: 6.4.0
-      
+
       - name: Set up .NET
         uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
         with:
           dotnet-version: '8.0.x'
-  
-      # This step might be obsolete at some point as .NET MAUI workloads 
+
+      # This step might be obsolete at some point as .NET MAUI workloads
       # are starting to come pre-installed on the GH Actions build agents.
       - name: Install MAUI Workload
         run: dotnet workload install maui --ignore-failed-sources
@@ -493,42 +487,42 @@ jobs:
           keyvault: "bitwarden-ci"
           secrets: "appcenter-ios-token"
 
-      - name: Decrypt secrets
+      - name: Download Provisioning Profiles secrets
         env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: profiles
         run: |
-          mkdir -p ~/secrets
+          mkdir -p $HOME/secrets
+          profiles=(
+              "dist_autofill.mobileprovision"
+              "dist_bitwarden.mobileprovision"
+              "dist_extension.mobileprovision"
+              "dist_share_extension.mobileprovision"
+              "dist_bitwarden_watch_app.mobileprovision"
+              "dist_bitwarden_watch_app_extension.mobileprovision"
+          )
 
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/bitwarden-mobile-key.p12 ./.github/secrets/bitwarden-mobile-key.p12.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/iphone-distribution-cert.p12 ./.github/secrets/iphone-distribution-cert.p12.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_autofill.mobileprovision ./.github/secrets/dist_autofill.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_bitwarden.mobileprovision ./.github/secrets/dist_bitwarden.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_extension.mobileprovision ./.github/secrets/dist_extension.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_share_extension.mobileprovision \
-            ./.github/secrets/dist_share_extension.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_watch_app.mobileprovision \
-            ./.github/secrets/dist_watch_app.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output $HOME/secrets/dist_watch_app_extension.mobileprovision \
-            ./.github/secrets/dist_watch_app_extension.mobileprovision.gpg
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./src/watchOS/bitwarden/GoogleService-Info.plist ./.github/secrets/GoogleService-Info.plist.gpg
+          for FILE in "${profiles[@]}"
+          do
+            az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
+              --file $HOME/secrets/$FILE --output none
+          done
+
+      - name: Download Google Services secret
+        env:
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
+          FILE: GoogleService-Info.plist
+        run: |
+          mkdir -p $HOME/secrets
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME --name $FILE \
+            --file src/watchOS/bitwarden/$FILE --output none
 
       - name: Increment version
         run: |
           BUILD_NUMBER=$((100 + $GITHUB_RUN_NUMBER))
 
-          echo "########################################"
           echo "##### Setting CFBundleVersion $BUILD_NUMBER"
-          echo "########################################"
-
           echo "### CFBundleVersion $BUILD_NUMBER" >> $GITHUB_STEP_SUMMARY
 
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./${{ env.ios_folder_path }}/Info.plist
@@ -536,30 +530,30 @@ jobs:
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.Autofill/Info.plist
           perl -0777 -pi.bak -e 's/<key>CFBundleVersion<\/key>\s*<string>1<\/string>/<key>CFBundleVersion<\/key>\n\t<string>'"$BUILD_NUMBER"'<\/string>/' ./src/iOS.ShareExtension/Info.plist
           cd src/watchOS/bitwarden
-          agvtool new-version -all  $BUILD_NUMBER
+          agvtool new-version -all $BUILD_NUMBER
 
       - name: Update Entitlements
         run: |
-          echo "########################################"
           echo "##### Updating Entitlements"
-          echo "########################################"
-
           perl -0777 -pi.bak -e 's/<key>aps-environment<\/key>\s*<string>development<\/string>/<key>aps-environment<\/key>\n\t<string>production<\/string>/' ./${{ env.ios_folder_path }}/Entitlements.plist
-        
+
+      - name: Get certificates
+        run: |
+          mkdir -p $HOME/certificates
+          az keyvault secret show --id https://bitwarden-ci.vault.azure.net/certificates/ios-distribution |
+            jq -r .value | base64 -d > $HOME/certificates/ios-distribution.p12
+
       - name: Set up Keychain
         env:
           KEYCHAIN_PASSWORD: ${{ secrets.IOS_KEYCHAIN_PASSWORD }}
-          MOBILE_KEY_PASSWORD: ${{ secrets.IOS_KEY_PASSWORD }}
-          DIST_CERT_PASSWORD: ${{ secrets.IOS_DIST_CERT_PASSWORD }}
         run: |
           security create-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security default-keychain -s build.keychain
           security unlock-keychain -p $KEYCHAIN_PASSWORD build.keychain
           security set-keychain-settings -lut 1200 build.keychain
-          security import ~/secrets/bitwarden-mobile-key.p12 -k build.keychain -P $MOBILE_KEY_PASSWORD \
-            -T /usr/bin/codesign -T /usr/bin/security
-          security import ~/secrets/iphone-distribution-cert.p12 -k build.keychain -P $DIST_CERT_PASSWORD \
-            -T /usr/bin/codesign -T /usr/bin/security
+
+          security import $HOME/certificates/ios-distribution.p12 -k build.keychain -P "" -T /usr/bin/codesign \
+            -T /usr/bin/security
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $KEYCHAIN_PASSWORD build.keychain
 
       - name: Set up provisioning profiles
@@ -568,8 +562,8 @@ jobs:
           BITWARDEN_PROFILE_PATH=$HOME/secrets/dist_bitwarden.mobileprovision
           EXTENSION_PROFILE_PATH=$HOME/secrets/dist_extension.mobileprovision
           SHARE_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_share_extension.mobileprovision
-          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_watch_app.mobileprovision
-          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_watch_app_extension.mobileprovision
+          WATCH_APP_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app.mobileprovision
+          WATCH_APP_EXTENSION_PROFILE_PATH=$HOME/secrets/dist_bitwarden_watch_app_extension.mobileprovision
           PROFILES_DIR_PATH=$HOME/Library/MobileDevice/Provisioning\ Profiles
 
           mkdir -p "$PROFILES_DIR_PATH"
@@ -597,68 +591,44 @@ jobs:
 
       - name: Bulid WatchApp
         run: |
-          echo "########################################"
           echo "##### Build WatchApp with Release Configuration"
-          echo "########################################"
-
           xcodebuild archive -workspace ./src/watchOS/bitwarden/bitwarden.xcodeproj/project.xcworkspace -configuration Release -scheme bitwarden\ WatchKit\ App -archivePath ./src/watchOS/bitwarden
 
-          echo "########################################"
-          echo "##### Done"
-          echo "########################################"
-
       - name: Archive Build for App Store
         run: |
-          Write-Output "########################################"
-          Write-Output "##### Archive for Release ios-arm64
-          Write-Output "########################################"
-
+          echo "##### Archive for Release ios-arm64"
           dotnet publish ${{ env.main_app_project_path }} -c Release -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=ios-arm64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
 
-          Write-Output "########################################"
-          Write-Output "##### Done"
-          Write-Output "########################################"
-        shell: pwsh
-
       - name: Archive Build for Mobile Automation
         run: |
-          Write-Output "########################################"
-          Write-Output "##### Archive Debug for iossimulator-x64
-          Write-Output "########################################"
-
+          echo "##### Archive Debug for iossimulator-x64"
           dotnet build ${{ env.main_app_project_path }} -c Debug -f ${{ env.target-net-version }}-ios /p:RuntimeIdentifier=iossimulator-x64 /p:ArchiveOnBuild=true /p:MtouchUseLlvm=false
-
-          Write-Output "########################################"
-          Write-Output "##### Done"
-          Write-Output "########################################"
-          ls ~/Library/Developer/Xcode/Archives
-        shell: pwsh
+          ls $HOME/Library/Developer/Xcode/Archives
 
       - name: Export .ipa for App Store
+        env:
+          EXPORT_OPTIONS_PATH: ./.github/resources/export-options-app-store.plist
+          EXPORT_PATH: ./bitwarden-export
         run: |
-          EXPORT_OPTIONS_PATH="./.github/resources/export-options-app-store.plist"
           ARCHIVE_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive"
-          EXPORT_PATH="./bitwarden-export"
-
           xcodebuild -exportArchive -archivePath $ARCHIVE_PATH -exportPath $EXPORT_PATH \
             -exportOptionsPlist $EXPORT_OPTIONS_PATH
 
       - name: Export .app for Automation CI
+        env:
+          ARCHIVE_PATH: ./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64
+          EXPORT_PATH: ./bitwarden-export
         run: |
-          ARCHIVE_PATH="./${{ env.main_app_folder_path }}/bin/Debug/${{ env.target-net-version }}-ios/iossimulator-x64"
-          EXPORT_PATH="./bitwarden-export"
-
           zip -r -q ${{ env.app_ci_output_filename }}.app.zip $ARCHIVE_PATH
           mv ${{ env.app_ci_output_filename }}.app.zip $EXPORT_PATH
 
       - name: Copy all dSYMs files to upload
+        env:
+          EXPORT_PATH: ./bitwarden-export
+          WATCH_ARCHIVE_DSYMS_PATH: ./src/watchOS/bitwarden.xcarchive/dSYMs/
+          WATCH_DSYMS_EXPORT_PATH: ./bitwarden-export/Watch_dSYMs
         run: |
           ARCHIVE_DSYMS_PATH="$HOME/Library/Developer/Xcode/Archives/*/*.xcarchive/dSYMs"
-          EXPORT_PATH="./bitwarden-export"
-
-          WATCH_ARCHIVE_DSYMS_PATH="./src/watchOS/bitwarden.xcarchive/dSYMs/"
-          WATCH_DSYMS_EXPORT_PATH="$EXPORT_PATH/Watch_dSYMs"
-
           cp -r -v $ARCHIVE_DSYMS_PATH $EXPORT_PATH
           mkdir $WATCH_DSYMS_EXPORT_PATH
           cp -r -v $WATCH_ARCHIVE_DSYMS_PATH $WATCH_DSYMS_EXPORT_PATH
@@ -707,10 +677,7 @@ jobs:
           || (github.ref == 'refs/heads/rc' && needs.setup.outputs.hotfix_branch_exists == 0)
           || github.ref == 'refs/heads/hotfix-rc'
         run: |
-          echo "########################################"
           echo "##### Uploading Watch dSYMs to Firebase"
-          echo "########################################"
-
           find "$HOME/Library/Developer/XCode/DerivedData" -name "upload-symbols" -exec chmod +x {} \; -exec {} -gsp "./src/watchOS/bitwarden/GoogleService-Info.plist" -p ios "./bitwarden-export/Watch_dSYMs" \;
 
       - name: Validate app in App Store
@@ -726,7 +693,6 @@ jobs:
         run: |
           xcrun altool --validate-app --type ios --file "./bitwarden-export/Bitwarden.ipa" \
               --username "$APPLE_ID_USERNAME" --password "$APPLE_ID_PASSWORD"
-        shell: bash
 
       - name: Deploy to App Store
         if: |
@@ -770,13 +736,13 @@ jobs:
           secrets: "crowdin-api-token"
 
       - name: Upload Sources
-        uses: crowdin/github-action@198daeb2d30636c4608d6a6bb96c009dbefc02a2 # v1.18.0
+        uses: crowdin/github-action@c953b17499daa6be3e5afbf7a63616fb02d8b18d # v1.19.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}
         with:
           config: crowdin.yml
-          crowdin_branch_name: main 
+          crowdin_branch_name: main
           upload_sources: true
           upload_translations: false
 
@@ -794,27 +760,11 @@ jobs:
     steps:
       - name: Check if any job failed
         if: |
-          (github.ref == 'refs/heads/main')
-          || (github.ref == 'refs/heads/rc')
-          || (github.ref == 'refs/heads/hotfix-rc')
-        env:
-          CLOC_STATUS: ${{ needs.cloc.result }}
-          ANDROID_STATUS: ${{ needs.android.result }}
-          F_DROID_STATUS: ${{ needs.f-droid.result }}
-          IOS_STATUS: ${{ needs.ios.result }}
-          CROWDIN_PUSH_STATUS: ${{ needs.crowdin-push.result }}
-        run: |
-          if [ "$CLOC_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$ANDROID_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$F_DROID_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$IOS_STATUS" = "failure" ]; then
-              exit 1
-          elif [ "$CROWDIN_PUSH_STATUS" = "failure" ]; then
-              exit 1
-          fi
+          (github.ref == 'refs/heads/main'
+          || github.ref == 'refs/heads/rc'
+          || github.ref == 'refs/heads/hotfix-rc')
+          && contains(needs.*.result, 'failure')
+        run: exit 1
 
       - name: Login to Azure - CI Subscription
         uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0

.github/workflows/crowdin-pull.yml

@@ -30,7 +30,7 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Download translations
-        uses: crowdin/github-action@198daeb2d30636c4608d6a6bb96c009dbefc02a2 # v1.18.0
+        uses: crowdin/github-action@c953b17499daa6be3e5afbf7a63616fb02d8b18d # v1.19.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           CROWDIN_API_TOKEN: ${{ steps.retrieve-secrets.outputs.crowdin-api-token }}

.github/workflows/release.yml

@@ -28,7 +28,7 @@ jobs:
       branch-name: ${{ steps.branch.outputs.branch-name }}
     steps:
       - name: Branch check
-        if: github.event.inputs.release_type != 'Dry Run'
+        if: inputs.release_type != 'Dry Run'
         run: |
           if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
             echo "==================================="
@@ -44,9 +44,9 @@ jobs:
         id: version
         uses: bitwarden/gh-actions/release-version-check@main
         with:
-          release-type: ${{ github.event.inputs.release_type }}
+          release-type: ${{ inputs.release_type }}
           project-type: xamarin
-          file: src/Android/Properties/AndroidManifest.xml
+          file: src/App/Platforms/Android/AndroidManifest.xml
 
       - name: Get branch name
         id: branch
@@ -55,7 +55,7 @@ jobs:
           echo "branch-name=$BRANCH_NAME" >> $GITHUB_OUTPUT
 
       - name: Create GitHub deployment
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         uses: chrnorm/deployment-action@55729fcebec3d284f60f5bcabbd8376437d696b1 # v2.0.7
         id: deployment
         with:
@@ -67,16 +67,16 @@ jobs:
 
 
       - name: Download all artifacts
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
         with:
           workflow: build.yml
           workflow_conclusion: success
           branch: ${{ steps.branch.outputs.branch-name }}
 
       - name: Dry Run - Download all artifacts
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -86,7 +86,7 @@ jobs:
         run: zip -r Bitwarden\ iOS.zip Bitwarden\ iOS
 
       - name: Create release
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
         with:
           artifacts: "./com.x8bit.bitwarden.aab/com.x8bit.bitwarden.aab,
@@ -103,16 +103,16 @@ jobs:
           draft: true
 
       - name: Update deployment status to Success
-        if: ${{ github.event.inputs.release_type != 'Dry Run' && success() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        if: ${{ inputs.release_type != 'Dry Run' && success() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'success'
           deployment-id: ${{ steps.deployment.outputs.deployment_id }}
 
       - name: Update deployment status to Failure
-        if: ${{ github.event.inputs.release_type != 'Dry Run' && failure() }}
-        uses: chrnorm/deployment-status@2afb7d27101260f4a764219439564d954d10b5b0 # v2.0.1
+        if: ${{ inputs.release_type != 'Dry Run' && failure() }}
+        uses: chrnorm/deployment-status@9a72af4586197112e0491ea843682b5dc280d806 # v2.0.3
         with:
           token: '${{ secrets.GITHUB_TOKEN }}'
           state: 'failure'
@@ -129,8 +129,8 @@ jobs:
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - name: Download F-Droid .apk artifact
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -138,8 +138,8 @@ jobs:
           name: com.x8bit.bitwarden-fdroid.apk
 
       - name: Dry Run - Download F-Droid .apk artifact
-        if: ${{ github.event.inputs.release_type == 'Dry Run' }}
-        uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d # v3.0.0
+        if: ${{ inputs.release_type == 'Dry Run' }}
+        uses: dawidd6/action-download-artifact@71072fbb1229e1317f1a8de6b04206afb461bd67 # v3.1.2
         with:
           workflow: build.yml
           workflow_conclusion: success
@@ -176,13 +176,19 @@ jobs:
       - name: Install Node dependencies
         run: npm install
 
-      - name: Decrypt secrets
+      - name: Login to Azure - CI Subscription
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Download secrets
         env:
-          DECRYPT_FILE_PASSWORD: ${{ secrets.DECRYPT_FILE_PASSWORD }}
+          ACCOUNT_NAME: bitwardenci
+          CONTAINER_NAME: mobile
         run: |
-          mkdir -p ~/secrets
-          gpg --quiet --batch --yes --decrypt --passphrase="$DECRYPT_FILE_PASSWORD" \
-            --output ./store/fdroid/keystore.jks ./.github/secrets/store_fdroid-keystore.jks.gpg
+          mkdir -p $HOME/secrets
+          az storage blob download --account-name $ACCOUNT_NAME --container-name $CONTAINER_NAME \
+          --name store_fdroid-keystore.jks --file ./store/fdroid/keystore.jks --output none
 
       - name: Compile for F-Droid Store
         env:
@@ -211,5 +217,5 @@ jobs:
           cd $GITHUB_WORKSPACE
 
       - name: Deploy to gh-pages
-        if: ${{ github.event.inputs.release_type != 'Dry Run' }}
+        if: ${{ inputs.release_type != 'Dry Run' }}
         run: npm run deploy

.github/workflows/workflow-linter.yml

@@ -1,11 +0,0 @@
----
-name: Workflow Linter
-
-on:
-  pull_request:
-    paths:
-      - .github/workflows/**
-
-jobs:
-  call-workflow:
-    uses: bitwarden/gh-actions/.github/workflows/workflow-linter.yml@main

.gitignore

@@ -148,7 +148,6 @@ publish/
 
 # NuGet Packages
 *.nupkg
-!**/Xamarin.AndroidX.Credentials.1.0.0.nupkg
 # The packages folder can be ignored because of Package Restore
 **/packages/*
 # except build/, which is used as an MSBuild target.

Directory.Build.props

@@ -1,6 +1,6 @@
 <Project>
  <PropertyGroup>
-   <MauiVersion>8.0.7-nightly.*</MauiVersion>
+   <MauiVersion>8.0.7</MauiVersion>
    <ReleaseCodesignProvision>Automatic:AppStore</ReleaseCodesignProvision>
    <ReleaseCodesignKey>iPhone Distribution</ReleaseCodesignKey>
    <IncludeBitwardeniOSExtensions>True</IncludeBitwardeniOSExtensions>
@@ -10,4 +10,4 @@
    <!-- Uncomment this when Unit Testing-->
    <!-- <CustomConstants>UT</CustomConstants> -->
  </PropertyGroup>
-</Project>
+</Project>

lib/android/Xamarin.AndroidX.Credentials/net8.0-android/Xamarin.AndroidX.Credentials.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0"?>
-<doc>
-    <assembly>
-        <name>Xamarin.AndroidX.Credentials</name>
-    </assembly>
-    <members>
-    </members>
-</doc>

nuget.config

@@ -2,6 +2,5 @@
 <configuration>
     <packageSources>
         <add key="MAUI Nightly builds" value="https://pkgs.dev.azure.com/xamarin/public/_packaging/maui-nightly/nuget/v3/index.json" />
-        <add key="Local AndroidX Credentials" value="lib/android/Xamarin.AndroidX.Credentials" />
     </packageSources>
 </configuration>

src/App/App.csproj

@@ -121,7 +121,6 @@
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
 	  <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
 	  <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />
-      <PackageReference Include="Xamarin.AndroidX.Credentials" Version="1.0.0" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android' AND !$(DefineConstants.Contains(FDROID))">
 	  <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />

src/App/Platforms/Android/AndroidManifest.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2024.2.2" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
+<manifest xmlns:android="http://schemas.android.com/apk/res/android" xmlns:tools="http://schemas.android.com/tools" android:versionCode="1" android:versionName="2024.3.0" android:installLocation="internalOnly" package="com.x8bit.bitwarden">
 	<uses-sdk android:minSdkVersion="21" android:targetSdkVersion="34" />
 	<uses-permission android:name="android.permission.INTERNET" />
 	<uses-permission android:name="android.permission.NFC" />
@@ -43,6 +43,9 @@
 	<!-- Support for Xamarin.Essentials.Browser.OpenAsync  (for Android > 11) -->
 	<!-- Related docs: https://learn.microsoft.com/en-us/xamarin/essentials/open-browser?tabs=android -->
 	<queries>
+		<intent>
+			<action android:name="android.support.customtabs.action.CustomTabsService" />
+		</intent>
 		<intent>
 			<action android:name="android.intent.action.VIEW" />
 			<data android:scheme="http" />

src/App/Platforms/Android/Autofill/AutofillHelpers.cs

@@ -347,7 +347,7 @@ namespace Bit.Droid.Autofill
                 // InlinePresentation requires nonNull pending intent (even though we only utilize one for the
                 // "my vault" presentation) so we're including an empty one here
                 pendingIntent = PendingIntent.GetService(context, 0, new Intent(),
-                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, true));
+                    AndroidHelpers.AddPendingIntentMutabilityFlag(PendingIntentFlags.OneShot | PendingIntentFlags.UpdateCurrent, false));
             }
             var slice = CreateInlinePresentationSlice(
                 inlinePresentationSpec,

src/App/Platforms/Android/Autofill/CredentialProviderConstants.cs

@@ -1,9 +0,0 @@
-namespace Bit.Droid.Autofill
-{
-    public class CredentialProviderConstants
-    {
-        public const string CredentialProviderCipherId = "credentialProviderCipherId";
-        public const string CredentialDataIntentExtra = "CREDENTIAL_DATA";
-        public const string CredentialIdIntentExtra = "credId";
-    }
-}

src/App/Platforms/Android/Autofill/CredentialProviderSelectionActivity.cs

@@ -1,65 +0,0 @@
-using System.Threading.Tasks;
-using Android.App;
-using Android.Content.PM;
-using Android.OS;
-using AndroidX.Credentials.Provider;
-using AndroidX.Credentials.WebAuthn;
-using Bit.Core.Abstractions;
-using Bit.Core.Utilities;
-using Bit.App.Droid.Utilities;
-
-namespace Bit.Droid.Autofill
-{
-    [Activity(
-        NoHistory = true,
-        LaunchMode = LaunchMode.SingleTop)]
-    public class CredentialProviderSelectionActivity : MauiAppCompatActivity
-    {
-        protected override void OnCreate(Bundle bundle)
-        {
-            Intent?.Validate();
-            base.OnCreate(bundle);
-
-            var cipherId = Intent?.GetStringExtra(CredentialProviderConstants.CredentialProviderCipherId);
-            if (string.IsNullOrEmpty(cipherId))
-            {
-                SetResult(Result.Canceled);
-                Finish();
-                return;
-            }
-
-            GetCipherAndPerformPasskeyAuthAsync(cipherId).FireAndForget();
-        }
-
-        private async Task GetCipherAndPerformPasskeyAuthAsync(string cipherId)
-        {
-            // TODO this is a work in progress
-            // https://developer.android.com/training/sign-in/credential-provider#passkeys-implement
-
-            var getRequest = PendingIntentHandler.RetrieveProviderGetCredentialRequest(Intent);
-            // var publicKeyRequest = getRequest?.CredentialOptions as PublicKeyCredentialRequestOptions;
-
-            var requestInfo = Intent.GetBundleExtra(CredentialProviderConstants.CredentialDataIntentExtra);
-            var credIdEnc = requestInfo?.GetString(CredentialProviderConstants.CredentialIdIntentExtra);
-
-            var cipherService = ServiceContainer.Resolve<ICipherService>();
-            var cipher = await cipherService.GetAsync(cipherId);
-            var decCipher = await cipher.DecryptAsync();
-
-            var passkey = decCipher.Login.Fido2Credentials.Find(f => f.CredentialId == credIdEnc);
-
-            var credId = Convert.FromBase64String(credIdEnc);
-            // var privateKey = Convert.FromBase64String(passkey.PrivateKey);
-            // var uid = Convert.FromBase64String(passkey.uid);
-
-            var origin = getRequest?.CallingAppInfo.Origin;
-            var packageName = getRequest?.CallingAppInfo.PackageName;
-
-            // --- continue WIP here (save TOTP copy as last step) ---
-
-            // Copy TOTP if needed
-            var autofillHandler = ServiceContainer.Resolve<IAutofillHandler>();
-            autofillHandler.Autofill(decCipher);
-        }
-    }
-}

src/App/Platforms/Android/Autofill/CredentialProviderService.cs

@@ -1,147 +0,0 @@
-using Android;
-using Android.App;
-using Android.Content;
-using Android.Graphics.Drawables;
-using Android.OS;
-using Android.Runtime;
-using AndroidX.Credentials.Provider;
-using Bit.Core.Abstractions;
-using Bit.Core.Utilities;
-using AndroidX.Credentials.Exceptions;
-using AndroidX.Credentials.WebAuthn;
-using Bit.Core.Models.View;
-using Resource = Microsoft.Maui.Resource;
-
-namespace Bit.Droid.Autofill
-{
-    [Service(Permission = Manifest.Permission.BindCredentialProviderService, Label = "Bitwarden", Exported = true)]
-    [IntentFilter(new string[] { "android.service.credentials.CredentialProviderService" })]
-    [MetaData("android.credentials.provider", Resource = "@xml/provider")]
-    [Register("com.x8bit.bitwarden.Autofill.CredentialProviderService")]
-    public class CredentialProviderService : AndroidX.Credentials.Provider.CredentialProviderService
-    {
-        private const string GetPasskeyIntentAction = "PACKAGE_NAME.GET_PASSKEY";
-        private const int UniqueRequestCode = 94556023;
-
-        private ICipherService _cipherService;
-        private IUserVerificationService _userVerificationService;
-        private IVaultTimeoutService _vaultTimeoutService;
-        private LazyResolve<ILogger> _logger = new LazyResolve<ILogger>("logger");
-
-        public override async void OnBeginCreateCredentialRequest(BeginCreateCredentialRequest request,
-            CancellationSignal cancellationSignal, IOutcomeReceiver callback) => throw new NotImplementedException();
-
-        public override async void OnBeginGetCredentialRequest(BeginGetCredentialRequest request,
-            CancellationSignal cancellationSignal, IOutcomeReceiver callback)
-        {
-            try
-            {
-                _vaultTimeoutService ??= ServiceContainer.Resolve<IVaultTimeoutService>();
-
-                await _vaultTimeoutService.CheckVaultTimeoutAsync();
-                var locked = await _vaultTimeoutService.IsLockedAsync();
-                if (!locked)
-                {
-                    var response = await ProcessGetCredentialsRequestAsync(request);
-                    callback.OnResult(response);
-                }
-                // TODO handle auth/unlock account flow
-            }
-            catch (GetCredentialException e)
-            {
-                _logger.Value.Exception(e);
-                callback.OnError(e.ErrorMessage ?? "Error getting credentials");
-            }
-            catch (Exception e)
-            {
-                _logger.Value.Exception(e);
-                throw;
-            }
-        }
-
-        private async Task<BeginGetCredentialResponse> ProcessGetCredentialsRequestAsync(
-            BeginGetCredentialRequest request)
-        {
-            IList<CredentialEntry> credentialEntries = null;
-
-            foreach (var option in request.BeginGetCredentialOptions)
-            {
-                var credentialOption = option as BeginGetPublicKeyCredentialOption;
-                if (credentialOption != null)
-                {
-                    credentialEntries ??= new List<CredentialEntry>();
-                    ((List<CredentialEntry>)credentialEntries).AddRange(
-                        await PopulatePasskeyDataAsync(request.CallingAppInfo, credentialOption));
-                }
-            }
-
-            if (credentialEntries == null)
-            {
-                return new BeginGetCredentialResponse();
-            }
-
-            return new BeginGetCredentialResponse.Builder()
-                .SetCredentialEntries(credentialEntries)
-                .Build();
-        }
-
-        private async Task<List<CredentialEntry>> PopulatePasskeyDataAsync(CallingAppInfo callingAppInfo,
-            BeginGetPublicKeyCredentialOption option)
-        {
-            var packageName = callingAppInfo.PackageName;
-            var origin = callingAppInfo.Origin;
-            var signingInfo = callingAppInfo.SigningInfo;
-
-            var request = new PublicKeyCredentialRequestOptions(option.RequestJson);
-
-            var passkeyEntries = new List<CredentialEntry>();
-
-            _cipherService ??= ServiceContainer.Resolve<ICipherService>();
-            var ciphers = await _cipherService.GetAllDecryptedForUrlAsync(origin);
-            if (ciphers == null)
-            {
-                return passkeyEntries;
-            }
-
-            var passkeyCiphers = ciphers.Where(cipher => cipher.HasFido2Credential).ToList();
-            if (!passkeyCiphers.Any())
-            {
-                return passkeyEntries;
-            }
-
-            foreach (var cipher in passkeyCiphers)
-            {
-                var passkeyEntry = GetPasskey(cipher, option);
-                passkeyEntries.Add(passkeyEntry);
-            }
-
-            return passkeyEntries;
-        }
-
-        private PublicKeyCredentialEntry GetPasskey(CipherView cipher, BeginGetPublicKeyCredentialOption option)
-        {
-            var credDataBundle = new Bundle();
-            credDataBundle.PutString(CredentialProviderConstants.CredentialIdIntentExtra,
-                cipher.Login.MainFido2Credential.CredentialId);
-
-            var intent = new Intent(ApplicationContext, typeof(CredentialProviderSelectionActivity))
-                .SetAction(GetPasskeyIntentAction).SetPackage(Constants.PACKAGE_NAME);
-            intent.PutExtra(CredentialProviderConstants.CredentialDataIntentExtra, credDataBundle);
-            intent.PutExtra(CredentialProviderConstants.CredentialProviderCipherId, cipher.Id);
-            var pendingIntent = PendingIntent.GetActivity(ApplicationContext, UniqueRequestCode, intent,
-                PendingIntentFlags.Mutable | PendingIntentFlags.UpdateCurrent);
-
-            return new PublicKeyCredentialEntry.Builder(
-                    ApplicationContext,
-                    cipher.Login.Username ?? "No username",
-                    pendingIntent,
-                    option)
-                .SetDisplayName(cipher.Name)
-                .SetIcon(Icon.CreateWithResource(ApplicationContext, Resource.Drawable.icon))
-                .Build();
-        }
-
-        public override void OnClearCredentialStateRequest(ProviderClearCredentialStateRequest request,
-            CancellationSignal cancellationSignal, IOutcomeReceiver callback) => throw new NotImplementedException();
-    }
-}

src/App/Platforms/Android/Resources/xml/provider.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<credential-provider xmlns:android="http://schemas.android.com/apk/res/android">
-    <capabilities>
-        <capability name="androidx.credentials.TYPE_PUBLIC_KEY_CREDENTIAL" />
-    </capabilities>
-</credential-provider>

src/App/Platforms/Android/Services/AutofillHandler.cs

@@ -37,23 +37,6 @@ namespace Bit.Droid.Services
             _eventService = eventService;
         }
 
-        public bool CredentialProviderServiceEnabled()
-        {
-            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
-            {
-                return false;
-            }
-            try
-            {
-                // TODO - find a way to programmatically check if the credential provider service is enabled
-                return false;
-            }
-            catch
-            {
-                return false;
-            }
-        }
-
         public bool AutofillServiceEnabled()
         {
             if (Build.VERSION.SdkInt < BuildVersionCodes.O)
@@ -180,14 +163,7 @@ namespace Bit.Droid.Services
             return Accessibility.AccessibilityHelpers.OverlayPermitted();
         }
 
-        public void DisableCredentialProviderService()
-        {
-            try
-            {
-                // TODO - find a way to programmatically disable the provider service, or take the user to the settings page where they can do it
-            }
-            catch { }
-        }
+        
 
         public void DisableAutofillService()
         {

src/App/Platforms/Android/Services/DeviceActionService.cs

@@ -11,7 +11,6 @@ using Android.Text.Method;
 using Android.Views;
 using Android.Views.InputMethods;
 using Android.Widget;
-using AndroidX.Credentials;
 using Bit.App.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.App.Utilities;
@@ -491,27 +490,6 @@ namespace Bit.Droid.Services
             }
         }
 
-        public void OpenCredentialProviderSettings()
-        {
-            var activity = (MainActivity)Microsoft.Maui.ApplicationModel.Platform.CurrentActivity;
-            try
-            {
-                var pendingIntent = CredentialManager.Create(activity).CreateSettingsPendingIntent();
-                pendingIntent.Send();
-            }
-            catch (ActivityNotFoundException)
-            {
-                var alertBuilder = new AlertDialog.Builder(activity);
-                alertBuilder.SetMessage(AppResources.BitwardenCredentialProviderGoToSettings);
-                alertBuilder.SetCancelable(true);
-                alertBuilder.SetPositiveButton(AppResources.Ok, (sender, args) =>
-                {
-                    (sender as AlertDialog)?.Cancel();
-                });
-                alertBuilder.Create().Show();
-            }
-        }
-
         public void OpenAccessibilitySettings()
         {
             try
@@ -570,8 +548,6 @@ namespace Bit.Droid.Services
             return true;
         }
 
-        public bool SupportsCredentialProviderService() => Build.VERSION.SdkInt >= BuildVersionCodes.UpsideDownCake;
-
         public bool SupportsAutofillServices() => Build.VERSION.SdkInt >= BuildVersionCodes.O;
 
         public bool SupportsInlineAutofill() => Build.VERSION.SdkInt >= BuildVersionCodes.R;

src/App/Platforms/Android/Tiles/AutofillTileService.cs

@@ -8,6 +8,7 @@ using Bit.Core.Abstractions;
 using Bit.Core.Utilities;
 using Bit.Droid.Accessibility;
 using Java.Lang;
+using Bit.App.Droid.Utilities;
 
 namespace Bit.Droid.Tile
 {
@@ -76,7 +77,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(AccessibilityActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("autofillTileClicked", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: true);
         }
 
         private void ShowConfigErrorDialog()

src/App/Platforms/Android/Tiles/GeneratorTileService.cs

@@ -1,15 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-using Android.App;
+using Android.App;
 using Android.Content;
-using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Android.Views;
-using Android.Widget;
+using Bit.App.Droid.Utilities;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -62,7 +55,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("generatorTile", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
         }
     }
 }

src/App/Platforms/Android/Tiles/MyVaultTileService.cs

@@ -1,15 +1,8 @@
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-
-using Android.App;
+using Android.App;
 using Android.Content;
-using Android.OS;
 using Android.Runtime;
 using Android.Service.QuickSettings;
-using Android.Views;
-using Android.Widget;
+using Bit.App.Droid.Utilities;
 using Java.Lang;
 
 namespace Bit.Droid.Tile
@@ -63,7 +56,7 @@ namespace Bit.Droid.Tile
             var intent = new Intent(this, typeof(MainActivity));
             intent.SetFlags(ActivityFlags.NewTask | ActivityFlags.SingleTop | ActivityFlags.ClearTop);
             intent.PutExtra("myVaultTile", true);
-            StartActivityAndCollapse(intent);
+            this.StartActivityAndCollapseWithIntent(intent, isMutable: false);
         }
     }
 }

src/App/Platforms/Android/Utilities/AndroidHelpers.cs

@@ -2,6 +2,7 @@
 using Android.Content;
 using Android.OS;
 using Android.Provider;
+using Android.Service.QuickSettings;
 using Bit.App.Utilities;
 
 namespace Bit.App.Droid.Utilities
@@ -64,5 +65,26 @@ namespace Bit.App.Droid.Utilities
 
             return pendingIntentFlags;
         }
+
+        public static void StartActivityAndCollapseWithIntent(this TileService service, Intent intent, bool isMutable)
+        {
+            //For Android 14+ We need to use PendingIntent instead of Intent directly. Older versions still need to use Intent.
+            if (Build.VERSION.SdkInt < BuildVersionCodes.UpsideDownCake)
+            {
+                service.StartActivityAndCollapse(intent);
+                return;
+            }
+            var pendingIntent = PendingIntent.GetActivity(
+                service.ApplicationContext,
+                0,
+                intent,
+                AddPendingIntentMutabilityFlag(PendingIntentFlags.UpdateCurrent, isMutable)
+            );
+            if (pendingIntent == null) 
+            { 
+                return; 
+            }
+            service.StartActivityAndCollapse(pendingIntent);
+        }
     }
 }

src/App/Platforms/iOS/AppDelegate.cs

@@ -88,7 +88,7 @@ namespace Bit.iOS
                                 Core.Constants.AutofillNeedsIdentityReplacementKey);
                             if (needsAutofillReplacement.GetValueOrDefault())
                             {
-                                await ASHelpers.ReplaceAllIdentitiesAsync();
+                                await ASHelpers.ReplaceAllIdentities();
                             }
                         }
                         else if (message.Command == "showAppExtension")
@@ -102,7 +102,7 @@ namespace Bit.iOS
                                 var success = value as bool?;
                                 if (success.GetValueOrDefault() && _deviceActionService.SystemMajorVersion() >= 12)
                                 {
-                                    await ASHelpers.ReplaceAllIdentitiesAsync();
+                                    await ASHelpers.ReplaceAllIdentities();
                                 }
                             }
                         }
@@ -114,21 +114,22 @@ namespace Bit.iOS
                                 return;
                             }
 
-                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
+                            if (await ASHelpers.IdentitiesCanIncremental())
                             {
                                 var cipherId = message.Data as string;
                                 if (message.Command == "addedCipher" && !string.IsNullOrWhiteSpace(cipherId))
                                 {
-                                    var identity = await ASHelpers.GetCipherPasswordIdentityAsync(cipherId);
+                                    var identity = await ASHelpers.GetCipherIdentityAsync(cipherId);
                                     if (identity == null)
                                     {
                                         return;
                                     }
-                                    await ASCredentialIdentityStoreExtensions.SaveCredentialIdentitiesAsync(identity);
+                                    await ASCredentialIdentityStore.SharedStore?.SaveCredentialIdentitiesAsync(
+                                        new ASPasswordCredentialIdentity[] { identity });
                                     return;
                                 }
                             }
-                            await ASHelpers.ReplaceAllIdentitiesAsync();
+                            await ASHelpers.ReplaceAllIdentities();
                         }
                         else if (message.Command == "deletedCipher" || message.Command == "softDeletedCipher")
                         {
@@ -137,27 +138,28 @@ namespace Bit.iOS
                                 return;
                             }
 
-                            if (await ASHelpers.IdentitiesSupportIncrementalAsync())
+                            if (await ASHelpers.IdentitiesCanIncremental())
                             {
-                                var identity = ASHelpers.ToPasswordCredentialIdentity(
+                                var identity = ASHelpers.ToCredentialIdentity(
                                     message.Data as Bit.Core.Models.View.CipherView);
                                 if (identity == null)
                                 {
                                     return;
                                 }
-                                await ASCredentialIdentityStoreExtensions.RemoveCredentialIdentitiesAsync(identity);
+                                await ASCredentialIdentityStore.SharedStore?.RemoveCredentialIdentitiesAsync(
+                                    new ASPasswordCredentialIdentity[] { identity });
                                 return;
                             }
-                            await ASHelpers.ReplaceAllIdentitiesAsync();
+                            await ASHelpers.ReplaceAllIdentities();
                         }
                         else if (message.Command == "logout" && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
+                            await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
                         }
                         else if ((message.Command == "softDeletedCipher" || message.Command == "restoredCipher")
                             && UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                         {
-                            await ASHelpers.ReplaceAllIdentitiesAsync();
+                            await ASHelpers.ReplaceAllIdentities();
                         }
                         else if (message.Command == AppHelpers.VAULT_TIMEOUT_ACTION_CHANGED_MESSAGE_COMMAND)
                         {
@@ -166,12 +168,12 @@ namespace Bit.iOS
                             {
                                 if (UIDevice.CurrentDevice.CheckSystemVersion(12, 0))
                                 {
-                                    await ASCredentialIdentityStore.SharedStore.RemoveAllCredentialIdentitiesAsync();
+                                    await ASCredentialIdentityStore.SharedStore?.RemoveAllCredentialIdentitiesAsync();
                                 }
                             }
                             else
                             {
-                                await ASHelpers.ReplaceAllIdentitiesAsync();
+                                await ASHelpers.ReplaceAllIdentities();
                             }
                         }
                     }

src/App/Platforms/iOS/Info.plist

@@ -11,7 +11,7 @@
 	<key>CFBundleIdentifier</key>
 	<string>com.8bit.bitwarden</string>
 	<key>CFBundleShortVersionString</key>
-	<string>2024.2.2</string>
+	<string>2024.3.0</string>
 	<key>CFBundleVersion</key>
 	<string>1</string>
 	<key>CFBundleIconName</key>

src/Core/Abstractions/IAutofillHandler.cs

@@ -4,7 +4,6 @@ namespace Bit.Core.Abstractions
 {
     public interface IAutofillHandler
     {
-        bool CredentialProviderServiceEnabled();
         bool AutofillServicesEnabled();
         bool SupportsAutofillService();
         void Autofill(CipherView cipher);
@@ -12,7 +11,6 @@ namespace Bit.Core.Abstractions
         bool AutofillAccessibilityServiceRunning();
         bool AutofillAccessibilityOverlayPermitted();
         bool AutofillServiceEnabled();
-        void DisableCredentialProviderService();
         void DisableAutofillService();
     }
 }

src/Core/Abstractions/IConditionedAwaiterManager.cs

@@ -5,7 +5,8 @@ namespace Bit.Core.Abstractions
 {
     public enum AwaiterPrecondition
     {
-        EnvironmentUrlsInited
+        EnvironmentUrlsInited,
+        AndroidWindowCreated
     }
 
     public interface IConditionedAwaiterManager

src/Core/Abstractions/ICryptoFunctionService.cs

@@ -1,7 +1,6 @@
 using System;
 using System.Threading.Tasks;
 using Bit.Core.Enums;
-using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Abstractions
 {

src/Core/Abstractions/IDeviceActionService.cs

@@ -28,7 +28,6 @@ namespace Bit.App.Abstractions
         bool SupportsNfc();
         bool SupportsCamera();
         bool SupportsFido2();
-        bool SupportsCredentialProviderService();
         bool SupportsAutofillServices();
         bool SupportsInlineAutofill();
         bool SupportsDrawOver();
@@ -37,7 +36,6 @@ namespace Bit.App.Abstractions
         void RateApp();
         void OpenAccessibilitySettings();
         void OpenAccessibilityOverlayPermissionSettings();
-        void OpenCredentialProviderSettings();
         void OpenAutofillSettings();
         long GetActiveTime();
         void CloseMainApp();

src/Core/Abstractions/IFido2AuthenticationService.cs

@@ -1,9 +0,0 @@
-using Bit.Core.Utilities.Fido2;
-
-namespace Bit.Core.Abstractions
-{
-    public interface IFido2AuthenticationService
-    {
-        Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams);
-    }
-}

src/Core/Abstractions/IFido2AuthenticatorService.cs

@@ -1,13 +0,0 @@
-using Bit.Core.Utilities.Fido2;
-
-namespace Bit.Core.Abstractions
-{
-    public interface IFido2AuthenticatorService
-    {
-        void Init(IFido2UserInterface userInterface);
-        Task<Fido2AuthenticatorMakeCredentialResult> MakeCredentialAsync(Fido2AuthenticatorMakeCredentialParams makeCredentialParams);
-        Task<Fido2AuthenticatorGetAssertionResult> GetAssertionAsync(Fido2AuthenticatorGetAssertionParams assertionParams);
-        // TODO: Should this return a List? Or maybe IEnumerable?
-        Task<Fido2AuthenticatorDiscoverableCredentialMetadata[]> SilentCredentialDiscoveryAsync(string rpId);
-    }
-}

src/Core/Abstractions/IFido2ClientService.cs

@@ -1,35 +0,0 @@
-using Bit.Core.Utilities.Fido2;
-
-namespace Bit.Core.Abstractions
-{
-    /// <summary>
-    /// This class represents an abstraction of the WebAuthn Client as described by W3C:
-    /// https://www.w3.org/TR/webauthn-3/#webauthn-client
-    ///
-    /// The WebAuthn Client is an intermediary entity typically implemented in the user agent
-    /// (in whole, or in part). Conceptually, it underlies the Web Authentication API and embodies
-    /// the implementation of the Web Authentication API's operations.
-    ///
-    /// It is responsible for both marshalling the inputs for the underlying authenticator operations,
-    /// and for returning the results of the latter operations to the Web Authentication API's callers.
-    /// </summary>
-    public interface IFido2ClientService
-    {
-        /// <summary>
-        /// Allows WebAuthn Relying Party scripts to request the creation of a new public key credential source.
-        /// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-createCredential
-        /// </summary>
-        /// <param name="createCredentialParams">The parameters for the credential creation operation</param>
-        /// <returns>The new credential</returns>
-        Task<Fido2ClientCreateCredentialResult> CreateCredentialAsync(Fido2ClientCreateCredentialParams createCredentialParams);
-
-        /// <summary>
-        /// Allows WebAuthn Relying Party scripts to discover and use an existing public key credential, with the user’s consent.
-        /// Relying Party script can optionally specify some criteria to indicate what credential sources are acceptable to it.
-        /// For more information please see: https://www.w3.org/TR/webauthn-3/#sctn-getAssertion
-        /// </summary>
-        /// <param name="assertCredentialParams">The parameters for the credential assertion operation</param>
-        /// <returns>The asserted credential</returns>
-        Task<Fido2ClientAssertCredentialResult> AssertCredentialAsync(Fido2ClientAssertCredentialParams assertCredentialParams);
-    }
-}

src/Core/Abstractions/IFido2UserInterface.cs

@@ -1,100 +0,0 @@
-using Bit.Core.Utilities.Fido2;
-
-namespace Bit.Core.Abstractions
-{
-    /// <summary>
-    /// Parameters used to ask the user to pick a credential from a list of existing credentials.
-    /// </summary>
-    public struct Fido2PickCredentialParams
-    {
-        /// <summary>
-        /// The IDs of the credentials that the user can pick from.
-        /// </summary>
-        public string[] CipherIds { get; set; }
-
-        /// <summary>
-        /// Whether or not the user must be verified before completing the operation.
-        /// </summary>
-        public bool UserVerification { get; set; }
-    }
-
-    /// <summary>
-    /// The result of asking the user to pick a credential from a list of existing credentials.
-    /// </summary>
-    public struct Fido2PickCredentialResult
-    {
-        /// <summary>
-        /// The ID of the cipher that contains the credentials the user picked.
-        /// </summary>
-        public string CipherId { get; set; }
-
-        /// <summary>
-        /// Whether or not the user was verified before completing the operation.
-        /// </summary>
-        public bool UserVerified { get; set; }
-    }
-
-    public struct Fido2ConfirmNewCredentialParams
-    {
-        ///<summary>
-        /// The name of the credential.
-        ///</summary>
-        public string CredentialName { get; set; }
-
-        ///<summary>
-        /// The name of the user.
-        ///</summary>
-        public string UserName { get; set; }
-
-        /// <summary>
-        /// Whether or not the user must be verified before completing the operation.
-        /// </summary>
-        public bool UserVerification { get; set; }
-
-        public string RpId { get; set; }
-    }
-
-    public struct Fido2ConfirmNewCredentialResult
-    {
-        /// <summary>
-        /// The name of the user.
-        /// </summary>
-        public string CipherId { get; set; }
-
-        /// <summary>
-        /// Whether or not the user was verified.
-        /// </summary>
-        public bool UserVerified { get; set; }
-    }
-
-    public interface IFido2UserInterface
-    {
-        /// <summary>
-        /// Ask the user to pick a credential from a list of existing credentials.
-        /// </summary>
-        /// <param name="pickCredentialParams">The parameters to use when asking the user to pick a credential.</param>
-        /// <returns>The ID of the cipher that contains the credentials the user picked.</returns>
-        Task<Fido2PickCredentialResult> PickCredentialAsync(Fido2PickCredentialParams pickCredentialParams);
-
-        /// <summary>
-        /// Inform the user that the operation was cancelled because their vault contains excluded credentials.
-        /// </summary>
-        /// <param name="existingCipherIds">The IDs of the excluded credentials.</param>
-        /// <returns>When user has confirmed the message</returns>
-        Task InformExcludedCredential(string[] existingCipherIds);
-
-        /// <summary>
-        /// Ask the user to confirm the creation of a new credential.
-        /// </summary>
-        /// <param name="confirmNewCredentialParams">The parameters to use when asking the user to confirm the creation of a new credential.</param>
-        /// <returns>The ID of the cipher where the new credential should be saved.</returns>
-        Task<Fido2ConfirmNewCredentialResult> ConfirmNewCredentialAsync(Fido2ConfirmNewCredentialParams confirmNewCredentialParams);
-
-        /// <summary>
-        /// Make sure that the vault is unlocked.
-        /// This should open a window and ask the user to login or unlock the vault if necessary.
-        /// </summary>
-        /// <returns>When vault has been unlocked.</returns>
-        Task EnsureUnlockedVaultAsync();
-    }
-}

src/Core/App.xaml.cs

@@ -46,7 +46,6 @@ namespace Bit.App
         // This queue keeps those actions so that when the app has resumed they can still be executed.
         // Links: https://github.com/dotnet/maui/issues/11501 and https://bitwarden.atlassian.net/wiki/spaces/NMME/pages/664862722/MainPage+Assignments+not+working+on+Android+on+Background+or+App+resume
         private readonly Queue<Action> _onResumeActions = new Queue<Action>();
-        private bool _hasNavigatedToAutofillWindow;
 
 #if ANDROID
 
@@ -120,41 +119,8 @@ namespace Bit.App
                 return new Window(new NavigationPage()); //No actual page needed. Only used for auto-filling the fields directly (externally)
             }
 
-            //"Internal" Autofill and Uri/Otp/CreateSend. This is where we create the autofill specific Window
-            if (Options != null && (Options.FromAutofillFramework || Options.Uri != null || Options.OtpData != null || Options.CreateSend != null))
-            {
-                _isResumed = true; //Specifically for the Autofill scenario we need to manually set the _isResumed here
-                _hasNavigatedToAutofillWindow = true;
-                return new AutoFillWindow(new NavigationPage(new AndroidNavigationRedirectPage()));
-            }
-
-            var homePage = new HomePage(Options);
-            // WORKAROUND: If the user autofills with Accessibility Services enabled and goes back to the application then there is currently an issue
-            // where this method is called again
-            // thus it goes through here and the user goes to HomePage as we see here.
-            // So to solve this, the next flag check has been added which then turns on a flag on the home page
-            // that will trigger a navigation on the accounts manager when it loads; workarounding this behavior and navigating the user
-            // to the proper page depending on its state.
-            // WARNING: this doens't navigate the user to where they were but it acts as if the user had changed their account.
-            if(_hasNavigatedToAutofillWindow)
-            {
-                homePage.PerformNavigationOnAccountChangedOnLoad = true;
-                // this is needed because when coming back from AutofillWindow OnResume won't be called and we need this flag
-                // so that void Navigate(NavigationTarget navTarget, INavigationParams navParams) doesn't enqueue the navigation
-                // and it performs it directly.
-                _isResumed = true; 
-                _hasNavigatedToAutofillWindow = false;
-            }
-
-            //If we have an existing MainAppWindow we can use that one
-            var mainAppWindow = Windows.OfType<MainAppWindow>().FirstOrDefault();
-            if (mainAppWindow != null)
-            {
-                mainAppWindow.PendingPage = new NavigationPage(homePage);
-            }
-
-            //Create new main window
-            return new MainAppWindow(new NavigationPage(homePage));
+            _isResumed = true;
+            return new ResumeWindow(new NavigationPage(new AndroidNavigationRedirectPage(Options)));
         }
 #else
         //iOS doesn't use the CreateWindow override used in Android so we just set the Application.Current.MainPage directly
@@ -171,7 +137,7 @@ namespace Bit.App
                     Application.Current.MainPage = value;
                 }
             }
-        }   
+        }
 #endif
 
         public App() : this(null)

src/Core/Constants.cs

@@ -47,6 +47,7 @@ namespace Bit.Core
         public const string ConfigsKey = "configsKey";
         public const string DisplayEuEnvironmentFlag = "display-eu-environment";
         public const string RegionEnvironment = "regionEnvironment";
+        public const string DuoCallback = "bitwarden://duo-callback";
 
         /// <summary>
         /// This key is used to store the value of "ShouldConnectToWatch" of the last user that had logged in

src/Core/Controls/CipherViewCell/BaseCipherViewCell.cs

@@ -53,12 +53,13 @@ namespace Bit.App.Controls
             if (BindingContext is CipherItemViewModel cipherItemVM)
             {
                 cipherItemVM.IconImageSuccesfullyLoaded = true;
+
+                MainThread.BeginInvokeOnMainThread(() =>
+                {
+                    Icon.IsVisible = cipherItemVM.ShowIconImage;
+                    IconPlaceholder.IsVisible = !cipherItemVM.ShowIconImage;
+                });
             }
-            MainThread.BeginInvokeOnMainThread(() =>
-            {
-                Icon.IsVisible = true;
-                IconPlaceholder.IsVisible = false;
-            });
         }
 
         public void Icon_Error(object sender, FFImageLoading.Maui.CachedImageEvents.ErrorEventArgs e)

src/Core/Core.csproj

@@ -34,7 +34,6 @@
 	  <PackageReference Include="CsvHelper" Version="30.0.1" />
 	  <PackageReference Include="LiteDB" Version="5.0.17" />
 	  <PackageReference Include="PCLCrypto" Version="2.1.40-alpha" />
-	  <PackageReference Include="System.Formats.Cbor" Version="8.0.0" />
 	  <PackageReference Include="zxcvbn-core" Version="7.0.92" />
 	  <PackageReference Include="MessagePack.MSBuild.Tasks" Version="2.5.124">
 	    <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
@@ -53,7 +52,6 @@
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android'">
 	  <PackageReference Include="Xamarin.AndroidX.AutoFill" Version="1.1.0.18" />
 	  <PackageReference Include="Xamarin.AndroidX.Activity.Ktx" Version="1.7.2.1" />
-      <PackageReference Include="Xamarin.AndroidX.Credentials" Version="1.0.0" />
 	</ItemGroup>
 	<ItemGroup Condition="$([MSBuild]::GetTargetPlatformIdentifier('$(TargetFramework)')) == 'android' AND !$(DefineConstants.Contains(FDROID))">
 	  <PackageReference Include="Xamarin.GooglePlayServices.SafetyNet" Version="118.0.1.5" />
@@ -77,9 +75,9 @@
     <Folder Include="Utilities\Automation\" />
     <Folder Include="Utilities\Prompts\" />
     <Folder Include="Resources\Localization\" />
-    <Folder Include="Utilities\Fido2\" />
     <Folder Include="Controls\Picker\" />
     <Folder Include="Controls\Avatar\" />
+    <Folder Include="Utilities\WebAuthenticatorMAUI\" />
   </ItemGroup>
 	<ItemGroup>
 	  <MauiImage Include="Resources\Images\dotnet_bot.svg">
@@ -108,8 +106,8 @@
 	  </MauiXaml>
 	</ItemGroup>
 	<ItemGroup>
-	  <None Remove="Utilities\Fido2\" />
 	  <None Remove="Controls\Picker\" />
 	  <None Remove="Controls\Avatar\" />
+	  <None Remove="Utilities\WebAuthenticatorMAUI\" />
 	</ItemGroup>
 </Project>

src/Core/Models/Api/Fido2CredentialApi.cs

@@ -1,4 +1,5 @@
-using Bit.Core.Models.Domain;
+using System;
+using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Models.Api
 {
@@ -20,7 +21,6 @@ namespace Bit.Core.Models.Api
             RpName = fido2Key.RpName?.EncryptedString;
             UserHandle = fido2Key.UserHandle?.EncryptedString;
             UserName = fido2Key.UserName?.EncryptedString;
-            UserDisplayName = fido2Key.UserDisplayName?.EncryptedString;
             Counter = fido2Key.Counter?.EncryptedString;
             CreationDate = fido2Key.CreationDate;
         }
@@ -35,7 +35,6 @@ namespace Bit.Core.Models.Api
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
-        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
     }

src/Core/Models/Data/Fido2CredentialData.cs

@@ -19,7 +19,6 @@ namespace Bit.Core.Models.Data
             RpName = apiData.RpName;
             UserHandle = apiData.UserHandle;
             UserName = apiData.UserName;
-            UserDisplayName = apiData.UserDisplayName;
             Counter = apiData.Counter;
             CreationDate = apiData.CreationDate;
         }
@@ -34,7 +33,6 @@ namespace Bit.Core.Models.Data
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
-        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
     }

src/Core/Models/Domain/Fido2Credential.cs

@@ -1,4 +1,8 @@
-using Bit.Core.Models.Data;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Bit.Core.Models.Data;
 using Bit.Core.Models.View;
 
 namespace Bit.Core.Models.Domain
@@ -17,7 +21,6 @@ namespace Bit.Core.Models.Domain
             nameof(RpName),
             nameof(UserHandle),
             nameof(UserName),
-            nameof(UserDisplayName),
             nameof(Counter)
         };
 
@@ -45,7 +48,6 @@ namespace Bit.Core.Models.Domain
         public EncString RpName { get; set; }
         public EncString UserHandle { get; set; }
         public EncString UserName { get; set; }
-        public EncString UserDisplayName { get; set; }
         public EncString Counter { get; set; }
         public DateTime CreationDate { get; set; }
 

src/Core/Models/View/CipherView.cs

@@ -1,4 +1,7 @@
-using Bit.Core.Enums;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
 
 namespace Bit.Core.Models.View

src/Core/Models/View/Fido2CredentialView.cs

@@ -1,7 +1,7 @@
-using System.Text.Json.Serialization;
+using System;
+using System.Collections.Generic;
 using Bit.Core.Enums;
 using Bit.Core.Models.Domain;
-using Bit.Core.Utilities;
 
 namespace Bit.Core.Models.View
 {
@@ -26,40 +26,13 @@ namespace Bit.Core.Models.View
         public string RpName { get; set; }
         public string UserHandle { get; set; }
         public string UserName { get; set; }
-        public string UserDisplayName { get; set; }
         public string Counter { get; set; }
         public DateTime CreationDate { get; set; }
 
-        [JsonIgnore]
-        public int CounterValue {
-            get => int.TryParse(Counter, out var counter) ? counter : 0;
-            set => Counter = value.ToString();
-        }
-
-        [JsonIgnore]
-        public byte[] UserHandleValue {
-            get => UserHandle == null ? null : CoreHelpers.Base64UrlDecode(UserHandle);
-            set => UserHandle = value == null ? null : CoreHelpers.Base64UrlEncode(value);
-        }
-
-        [JsonIgnore]
-        public byte[] KeyBytes {
-            get => KeyValue == null ? null : CoreHelpers.Base64UrlDecode(KeyValue);
-            set => KeyValue = value == null ? null : CoreHelpers.Base64UrlEncode(value);
-        }
-
-        [JsonIgnore]
-        public bool DiscoverableValue {
-            get => bool.TryParse(Discoverable, out var discoverable) && discoverable;
-            set => Discoverable = value.ToString().ToLower(); // must be lowercase so it can be parsed in the current version of clients
-        }
-
-        [JsonIgnore]
         public override string SubTitle => UserName;
         public override List<KeyValuePair<string, LinkedIdType>> LinkedFieldOptions => new List<KeyValuePair<string, LinkedIdType>>();
-        [JsonIgnore]
+        public bool IsDiscoverable => !string.IsNullOrWhiteSpace(Discoverable);
         public bool CanLaunch => !string.IsNullOrEmpty(RpId);
-        [JsonIgnore]
         public string LaunchUri => $"https://{RpId}";
 
         public bool IsUniqueAgainst(Fido2CredentialView fido2View) => fido2View?.RpId != RpId || fido2View?.UserName != UserName;

src/Core/Pages/Accounts/EnvironmentPage.xaml

@@ -21,10 +21,6 @@
     <ScrollView>
         <StackLayout Spacing="20">
             <StackLayout StyleClass="box">
-                <StackLayout StyleClass="box-row-header">
-                    <Label Text="MAUI APP"
-                           StyleClass="box-header, box-header-platform" />
-                </StackLayout>
                 <StackLayout StyleClass="box-row-header">
                     <Label Text="{u:I18n SelfHostedEnvironment, Header=True}"
                            StyleClass="box-header, box-header-platform" />

src/Core/Pages/Accounts/EnvironmentPage.xaml.cs

@@ -1,6 +1,7 @@
 using Bit.Core.Abstractions;
 using Bit.Core.Resources.Localization;
 using Bit.Core.Utilities;
+using Microsoft.Maui.Platform;
 
 namespace Bit.App.Pages
 {
@@ -26,7 +27,7 @@ namespace Bit.App.Pages
             _apiEntry.ReturnCommand = new Command(() => _identityEntry.Focus());
             _identityEntry.ReturnType = ReturnType.Next;
             _identityEntry.ReturnCommand = new Command(() => _iconsEntry.Focus());
-            _vm.SubmitSuccessAction = () => MainThread.BeginInvokeOnMainThread(async () => await SubmitSuccessAsync());
+            _vm.SubmitSuccessTask = () => MainThread.InvokeOnMainThreadAsync(SubmitSuccessAsync);
             _vm.CloseAction = async () =>
             {
                 await Navigation.PopModalAsync();
@@ -37,6 +38,12 @@ namespace Bit.App.Pages
         {
             _platformUtilsService.ShowToast("success", null, AppResources.EnvironmentSaved);
             await Navigation.PopModalAsync();
+#if ANDROID
+            if (Platform.CurrentActivity.CurrentFocus != null)
+            {
+                Platform.CurrentActivity.HideKeyboard(Platform.CurrentActivity.CurrentFocus);
+            }
+#endif
         }
 
         private void Close_Clicked(object sender, EventArgs e)

src/Core/Pages/Accounts/EnvironmentPageViewModel.cs

@@ -44,7 +44,7 @@ namespace Bit.App.Pages
         public string WebVaultUrl { get; set; }
         public string IconsUrl { get; set; }
         public string NotificationsUrls { get; set; }
-        public Action SubmitSuccessAction { get; set; }
+        public Func<Task> SubmitSuccessTask { get; set; }
         public Action CloseAction { get; set; }
 
         public async Task SubmitAsync()
@@ -73,7 +73,10 @@ namespace Bit.App.Pages
             IconsUrl = resUrls.Icons;
             NotificationsUrls = resUrls.Notifications;
 
-            SubmitSuccessAction?.Invoke();
+            if (SubmitSuccessTask != null)
+            {
+                await SubmitSuccessTask();
+            }
         }
 
         public bool ValidateUrls()

src/Core/Pages/Accounts/HomePage.xaml.cs

@@ -12,12 +12,14 @@ namespace Bit.App.Pages
         private readonly HomeViewModel _vm;
         private readonly AppOptions _appOptions;
         private IBroadcasterService _broadcasterService;
+        private IConditionedAwaiterManager _conditionedAwaiterManager;
 
         readonly LazyResolve<ILogger> _logger = new LazyResolve<ILogger>();
 
         public HomePage(AppOptions appOptions = null)
         {
             _broadcasterService = ServiceContainer.Resolve<IBroadcasterService>();
+            _conditionedAwaiterManager = ServiceContainer.Resolve<IConditionedAwaiterManager>();
             _appOptions = appOptions;
             InitializeComponent();
             _vm = BindingContext as HomeViewModel;
@@ -56,6 +58,8 @@ namespace Bit.App.Pages
                 PerformNavigationOnAccountChangedOnLoad = false;
                 accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
             }
+
+            _conditionedAwaiterManager.SetAsCompleted(AwaiterPrecondition.AndroidWindowCreated);
 #endif
         }
 

src/Core/Pages/Accounts/LoginPasswordlessPage.xaml

@@ -39,7 +39,7 @@
                     FontSize="Small"
                     FontAttributes="Bold"/>
                 <controls:MonoLabel
-                    FormattedText="{Binding LoginRequest.FingerprintPhrase}"
+                    Text="{Binding LoginRequest.FingerprintPhrase}"
                     FontSize="Medium"
                     TextColor="{DynamicResource FingerprintPhrase}"
                     Margin="0,0,0,27"
@@ -85,7 +85,6 @@
         <Button
                 Text="{u:I18n DenyLogIn}"
                 Command="{Binding RejectRequestCommand}"
-                StyleClass="btn-secundary"
                 AutomationId="DenyLoginButton" />
 
     </StackLayout>

src/Core/Pages/Accounts/LoginPasswordlessRequestPage.xaml

@@ -41,7 +41,7 @@
                 FontSize="Small"
                 FontAttributes="Bold" />
             <controls:MonoLabel
-                FormattedText="{Binding FingerprintPhrase}"
+                Text="{Binding FingerprintPhrase}"
                 FontSize="Small"
                 TextColor="{DynamicResource FingerprintPhrase}"
                 AutomationId="FingerprintPhraseValue" />

src/Core/Pages/Accounts/LoginSsoPage.xaml.cs

@@ -21,6 +21,7 @@ namespace Bit.App.Pages
             InitializeComponent();
             _vm = BindingContext as LoginSsoPageViewModel;
             _vm.Page = this;
+            _vm.FromIosExtension = _appOptions?.IosExtension ?? false;
             _vm.StartTwoFactorAction = () => MainThread.BeginInvokeOnMainThread(async () => await StartTwoFactorAsync());
             _vm.StartSetPasswordAction = () =>
                 MainThread.BeginInvokeOnMainThread(async () => await StartSetPasswordAsync());

src/Core/Pages/Accounts/LoginSsoPageViewModel.cs

@@ -15,6 +15,16 @@ using Bit.Core.Utilities;
 using Microsoft.Maui.Authentication;
 using Microsoft.Maui.Networking;
 using NetworkAccess = Microsoft.Maui.Networking.NetworkAccess;
+using Org.BouncyCastle.Asn1.Ocsp;
+
+#if IOS
+using AuthenticationServices;
+using Foundation;
+using UIKit;
+using WebAuthenticator = Bit.Core.Utilities.MAUI.WebAuthenticator;
+using WebAuthenticatorResult = Bit.Core.Utilities.MAUI.WebAuthenticatorResult;
+using WebAuthenticatorOptions = Bit.Core.Utilities.MAUI.WebAuthenticatorOptions;
+#endif
 
 namespace Bit.App.Pages
 {
@@ -64,6 +74,8 @@ namespace Bit.App.Pages
             set => SetProperty(ref _orgIdentifier, value);
         }
 
+        public bool FromIosExtension { get; set; }
+
         public ICommand LogInCommand { get; }
         public Action StartTwoFactorAction { get; set; }
         public Action StartSetPasswordAction { get; set; }
@@ -153,6 +165,9 @@ namespace Bit.App.Pages
                     CallbackUrl = new Uri(REDIRECT_URI),
                     Url = new Uri(url),
                     PrefersEphemeralWebBrowserSession = _useEphemeralWebBrowserSession,
+#if IOS
+                    ShouldUseSharedApplicationKeyWindow = FromIosExtension
+#endif
                 });
 
                 var code = GetResultCode(authResult, state);

src/Core/Pages/Accounts/TwoFactorPage.xaml

@@ -132,14 +132,26 @@
                     </StackLayout>
                 </StackLayout>
             </StackLayout>
-            <StackLayout Spacing="0" Padding="0" IsVisible="{Binding DuoMethod, Mode=OneWay}"
-                         VerticalOptions="StartAndExpand">
+            <StackLayout
+                Spacing="0"
+                Padding="0"
+                IsVisible="{Binding DuoMethod, Mode=OneWay}"
+                VerticalOptions="FillAndExpand">
+                <Label
+                    StyleClass="box"
+                    Text="{Binding DuoFramelessLabel}"
+                    HorizontalOptions="StartAndExpand" 
+                    Margin="10,21"
+                    IsVisible="{Binding IsDuoFrameless}"/>
                 <controls:HybridWebView
                     x:Name="_duoWebView"
                     HorizontalOptions="FillAndExpand"
                     VerticalOptions="FillAndExpand"
-                    HeightRequest="{Binding DuoWebViewHeight, Mode=OneWay}" />
-                <StackLayout StyleClass="box" VerticalOptions="End">
+                    HeightRequest="{Binding DuoWebViewHeight, Mode=OneWay}"
+                    IsVisible="{Binding IsDuoFrameless, Converter={StaticResource inverseBool}}"/>
+                <StackLayout
+                    StyleClass="box"
+                    VerticalOptions="End">
                     <StackLayout StyleClass="box-row, box-row-switch">
                         <Label
                             Text="{u:I18n RememberMe}"
@@ -151,6 +163,12 @@
                             HorizontalOptions="End" />
                     </StackLayout>
                 </StackLayout>
+                <Button Text="{u:I18n LaunchDuo}"
+                    Margin="10,21"
+                    StyleClass="btn-primary"
+                    Command="{Binding AuthenticateWithDuoFramelessCommand}"
+                    AutomationId="DuoFramelessButton"
+                    IsVisible="{Binding IsDuoFrameless}"/>
             </StackLayout>
             <StackLayout
                 Spacing="0"

src/Core/Pages/Accounts/TwoFactorPageViewModel.cs

@@ -2,6 +2,7 @@
 using System.Windows.Input;
 using Bit.App.Abstractions;
 using Bit.App.Utilities;
+using Bit.Core;
 using Bit.Core.Abstractions;
 using Bit.Core.Enums;
 using Bit.Core.Exceptions;
@@ -34,6 +35,7 @@ namespace Bit.App.Pages
         private string _webVaultUrl = "https://vault.bitwarden.com";
         private bool _enableContinue = false;
         private bool _showContinue = true;
+        private bool _isDuoFrameless = false;
         private double _duoWebViewHeight;
 
         public TwoFactorPageViewModel()
@@ -56,6 +58,7 @@ namespace Bit.App.Pages
             PageTitle = AppResources.TwoStepLogin;
             SubmitCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(async () => await SubmitAsync()), allowsMultipleExecutions: false);
             MoreCommand = CreateDefaultAsyncRelayCommand(MoreAsync, onException: _logger.Exception, allowsMultipleExecutions: false);
+            AuthenticateWithDuoFramelessCommand = CreateDefaultAsyncRelayCommand(DuoFramelessAuthenticateAsync, allowsMultipleExecutions: false);
         }
 
         public string TotpInstruction
@@ -103,6 +106,16 @@ namespace Bit.App.Pages
             set => SetProperty(ref _enableContinue, value);
         }
 
+        public bool IsDuoFrameless
+        {
+            get => _isDuoFrameless;
+            set => SetProperty(ref _isDuoFrameless, value, additionalPropertyNames: new string[] { nameof(DuoFramelessLabel) });
+        }
+
+        public string DuoFramelessLabel => SelectedProviderType == TwoFactorProviderType.OrganizationDuo ?
+            $"{AppResources.DuoTwoStepLoginIsRequiredForYourAccount} {AppResources.FollowTheStepsFromDuoToFinishLoggingIn}" :
+            AppResources.FollowTheStepsFromDuoToFinishLoggingIn;
+
 #if IOS
         public string YubikeyInstruction => AppResources.YubiKeyInstructionIos;
 #else
@@ -125,6 +138,7 @@ namespace Bit.App.Pages
         }
         public ICommand SubmitCommand { get; }
         public ICommand MoreCommand { get; }
+        public ICommand AuthenticateWithDuoFramelessCommand { get; }
         public Action TwoFactorAuthSuccessAction { get; set; }
         public Action LockAction { get; set; }
         public Action StartDeviceApprovalOptionsAction { get; set; }
@@ -179,15 +193,29 @@ namespace Bit.App.Pages
                     break;
                 case TwoFactorProviderType.Duo:
                 case TwoFactorProviderType.OrganizationDuo:
-                    SetDuoWebViewHeight();
-                    var host = WebUtility.UrlEncode(providerData["Host"] as string);
-                    var req = WebUtility.UrlEncode(providerData["Signature"] as string);
-                    page.DuoWebView.Uri = $"{_webVaultUrl}/duo-connector.html?host={host}&request={req}";
-                    page.DuoWebView.RegisterAction(sig =>
+                    IsDuoFrameless = providerData.ContainsKey("AuthUrl");
+                    if (!IsDuoFrameless)
                     {
-                        Token = sig;
-                        SubmitCommand.Execute(null);
-                    });
+                        SetDuoWebViewHeight();
+                        var host = WebUtility.UrlEncode(providerData["Host"] as string);
+                        var req = WebUtility.UrlEncode(providerData["Signature"] as string);
+                        page.DuoWebView.Uri = $"{_webVaultUrl}/duo-connector.html?host={host}&request={req}";
+                        page.DuoWebView.RegisterAction(sig =>
+                        {
+                            Token = sig;
+                            MainThread.BeginInvokeOnMainThread(async () =>
+                            {
+                                try
+                                {
+                                    await SubmitAsync();
+                                }
+                                catch (Exception ex)
+                                {
+                                    HandleException(ex);
+                                }
+                            });
+                        });
+                    }
                     break;
                 case TwoFactorProviderType.Email:
                     TotpInstruction = string.Format(AppResources.EnterVerificationCodeEmail,
@@ -211,6 +239,77 @@ namespace Bit.App.Pages
             ShowContinue = !(SelectedProviderType == null || DuoMethod || Fido2Method);
         }
 
+        private async Task DuoFramelessAuthenticateAsync()
+        {
+            await _deviceActionService.ShowLoadingAsync(AppResources.Validating);
+
+            if (!_authService.TwoFactorProvidersData.TryGetValue(SelectedProviderType.Value, out var providerData) ||
+                !providerData.TryGetValue("AuthUrl", out var urlObject))
+            {
+                throw new InvalidOperationException("Duo authentication error: Could not get ProviderData or AuthUrl");
+            }
+
+            var url = urlObject as string;
+            if (string.IsNullOrWhiteSpace(url))
+            {
+                throw new ArgumentNullException("Duo authentication error: Could not get valid auth url");
+            }
+
+            WebAuthenticatorResult authResult;
+            try
+            {
+                authResult = await WebAuthenticator.AuthenticateAsync(new WebAuthenticatorOptions
+                {
+                    Url = new Uri(url),
+                    CallbackUrl = new Uri(Constants.DuoCallback)
+                });
+            }
+            catch (TaskCanceledException)
+            {
+                // user canceled
+                await _deviceActionService.HideLoadingAsync();
+                return;
+            }
+
+            await _deviceActionService.HideLoadingAsync();
+            if (authResult == null || authResult.Properties == null)
+            {
+                throw new InvalidOperationException("Duo authentication error: Could not get result from authentication");
+            }
+
+            if (authResult.Properties.TryGetValue("error", out var resultError))
+            {
+                _logger.Error(resultError);
+                await _platformUtilsService.ShowDialogAsync(AppResources.AnErrorHasOccurred, AppResources.Ok);
+                return;
+            }
+
+            string code = null;
+            if (authResult.Properties.TryGetValue("code", out var resultCodeData))
+            {
+                code = Uri.UnescapeDataString(resultCodeData);
+            }
+
+            if (string.IsNullOrWhiteSpace(code))
+            {
+                throw new ArgumentException("Duo authentication error: response code is null or empty/whitespace");
+            }
+
+            string state = null;
+            if (authResult.Properties.TryGetValue("state", out var resultStateData))
+            {
+                state = Uri.UnescapeDataString(resultStateData);
+            }
+
+            if (string.IsNullOrWhiteSpace(state))
+            {
+                throw new ArgumentException("Duo authentication error: response state is null or empty/whitespace");
+            }
+
+            Token = $"{code}|{state}";
+            await SubmitAsync(true);
+        }
+        
         public void SetDuoWebViewHeight()
         {
             var screenHeight = DeviceDisplay.MainDisplayInfo.Height / DeviceDisplay.MainDisplayInfo.Density;

src/Core/Pages/AndroidNavigationRedirectPage.xaml.cs

@@ -1,20 +1,40 @@
 using Bit.App.Abstractions;
+using Bit.App.Models;
+using Bit.App.Pages;
+using Bit.Core.Abstractions;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 
 namespace Bit.Core.Pages;
 
 public partial class AndroidNavigationRedirectPage : ContentPage
 {
-    private readonly IAccountsManager _accountsManager;
-
-	public AndroidNavigationRedirectPage()
+    private AppOptions _options;
+	public AndroidNavigationRedirectPage(AppOptions options)
     {
-        _accountsManager = ServiceContainer.Resolve<IAccountsManager>("accountsManager");
+        _options = options ?? new AppOptions();
+
 		InitializeComponent();
 	}
 
     private void AndroidNavigationRedirectPage_OnLoaded(object sender, EventArgs e)
     {
-        _accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
+        if (ServiceContainer.TryResolve<IAccountsManager>(out var accountsManager))
+        {
+            accountsManager.NavigateOnAccountChangeAsync().FireAndForget();
+        }
+        else
+        {
+            Bit.App.App.MainPage = new NavigationPage(new HomePage(_options)); //Fallback scenario to load HomePage just in case something goes wrong when resolving IAccountsManager
+        }
+
+        if (ServiceContainer.TryResolve<IConditionedAwaiterManager>(out var conditionedAwaiterManager))
+        {
+            conditionedAwaiterManager?.SetAsCompleted(AwaiterPrecondition.AndroidWindowCreated);
+        }
+        else
+        {
+            LoggerHelper.LogEvenIfCantBeResolved(new InvalidOperationException("ConditionedAwaiterManager can't be resolved on Android Navigation redirection"));
+        }
     }
 }

src/Core/Pages/Send/SendAddEditPage.xaml

@@ -266,6 +266,8 @@
                                 AutomationId="SendShowHideOptionsButton" />
                             <controls:IconButton
                                 x:Name="_btnOptionsUp"
+                                InputTransparent="True"
+                                MinimumWidthRequest="25"
                                 Text="{Binding Source={x:Static core:BitwardenIcons.ChevronUp}}"
                                 StyleClass="box-row-button"
                                 TextColor="{DynamicResource PrimaryColor}"
@@ -274,6 +276,8 @@
                                 AutomationId="SendOptionsDisplayed" />
                             <controls:IconButton
                                 x:Name="_btnOptionsDown"
+                                InputTransparent="True"
+                                MinimumWidthRequest="25"
                                 Text="{Binding Source={x:Static core:BitwardenIcons.AngleDown}}"
                                 StyleClass="box-row-button"
                                 TextColor="{DynamicResource PrimaryColor}"

src/Core/Pages/Send/SendGroupingsPage/SendGroupingsPage.xaml

@@ -50,6 +50,7 @@
                           x:DataType="pages:SendGroupingsPageListItem">
                 <controls:ExtendedStackLayout Orientation="Horizontal" 
                                               StyleClass="list-row, list-row-platform"
+                                              Spacing="6"
                                               AutomationId="{Binding AutomationId}">
                     <controls:IconLabel Text="{Binding Icon, Mode=OneWay}"
                                       HorizontalOptions="Start"

src/Core/Pages/Settings/AboutSettingsPageViewModel.cs

@@ -68,8 +68,7 @@ namespace Bit.App.Pages
         {
             get
             {
-                // TODO: REMOVE WHEN MERGED INTO MAIN BRANCH
-                var appInfo = string.Format("MAUI {0}: {1} ({2})",
+                var appInfo = string.Format("{0}: {1} ({2})",
                     AppResources.Version,
                     _platformUtilsService.GetApplicationVersion(),
                     _deviceActionService.GetBuildNumber());

src/Core/Pages/Settings/AutofillSettingsPage.xaml

@@ -19,15 +19,6 @@
                 Text="{u:I18n Autofill}"
                 StyleClass="settings-header" />
 
-            <controls:SwitchItemView
-                Title="{u:I18n CredentialProviderService}"
-                Subtitle="{u:I18n CredentialProviderServiceExplanationLong}"
-                IsVisible="{Binding SupportsCredentialProviderService}"
-                IsToggled="{Binding UseCredentialProviderService}"
-                AutomationId="CredentialProviderServiceSwitch"
-                StyleClass="settings-item-view"
-                HorizontalOptions="FillAndExpand" />
-
             <controls:SwitchItemView
                 Title="{u:I18n AutofillServices}"
                 Subtitle="{u:I18n AutofillServicesExplanationLong}"

src/Core/Pages/Settings/AutofillSettingsPageViewModel.android.cs

@@ -6,27 +6,12 @@ namespace Bit.App.Pages
 {
     public partial class AutofillSettingsPageViewModel
     {
-        private bool _useCredentialProviderService;
         private bool _useAutofillServices;
         private bool _useInlineAutofill;
         private bool _useAccessibility;
         private bool _useDrawOver;
         private bool _askToAddLogin;
 
-        public bool SupportsCredentialProviderService => DeviceInfo.Platform == DevicePlatform.Android && _deviceActionService.SupportsCredentialProviderService();
-
-        public bool UseCredentialProviderService
-        {
-            get => _useCredentialProviderService;
-            set
-            {
-                if (SetProperty(ref _useCredentialProviderService, value))
-                {
-                    ((ICommand)ToggleUseCredentialProviderServiceCommand).Execute(null);
-                }
-            }
-        }
-
         public bool SupportsAndroidAutofillServices => DeviceInfo.Platform == DevicePlatform.Android && _deviceActionService.SupportsAutofillServices();
 
         public bool UseAutofillServices
@@ -99,7 +84,6 @@ namespace Bit.App.Pages
             }
         }
 
-        public AsyncRelayCommand ToggleUseCredentialProviderServiceCommand { get; private set; }
         public AsyncRelayCommand ToggleUseAutofillServicesCommand { get; private set; }
         public AsyncRelayCommand ToggleUseInlineAutofillCommand { get; private set; }
         public AsyncRelayCommand ToggleUseAccessibilityCommand { get; private set; }
@@ -109,7 +93,6 @@ namespace Bit.App.Pages
 
         private void InitAndroidCommands()
         {
-            ToggleUseCredentialProviderServiceCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseCredentialProviderService()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseAutofillServicesCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseAutofillServices()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseInlineAutofillCommand = CreateDefaultAsyncRelayCommand(() => MainThread.InvokeOnMainThreadAsync(() => ToggleUseInlineAutofillEnabledAsync()), () => _inited, allowsMultipleExecutions: false);
             ToggleUseAccessibilityCommand = CreateDefaultAsyncRelayCommand(ToggleUseAccessibilityAsync, () => _inited, allowsMultipleExecutions: false);
@@ -132,9 +115,6 @@ namespace Bit.App.Pages
 
         private async Task UpdateAndroidAutofillSettingsAsync()
         {
-            // TODO - uncomment once _autofillHandler.CredentialProviderServiceEnabled() returns a real value
-            // _useCredentialProviderService = 
-            //     SupportsCredentialProviderService && _autofillHandler.CredentialProviderServiceEnabled();
             _useAutofillServices =
                 _autofillHandler.SupportsAutofillService() && _autofillHandler.AutofillServiceEnabled();
             _useAccessibility = _autofillHandler.AutofillAccessibilityServiceRunning();
@@ -143,7 +123,6 @@ namespace Bit.App.Pages
 
             await MainThread.InvokeOnMainThreadAsync(() =>
             {
-                TriggerPropertyChanged(nameof(UseCredentialProviderService));
                 TriggerPropertyChanged(nameof(UseAutofillServices));
                 TriggerPropertyChanged(nameof(UseAccessibility));
                 TriggerPropertyChanged(nameof(UseDrawOver));
@@ -151,18 +130,6 @@ namespace Bit.App.Pages
             });
         }
 
-        private void ToggleUseCredentialProviderService()
-        {
-            if (UseCredentialProviderService)
-            {
-                _deviceActionService.OpenCredentialProviderSettings();
-            }
-            else
-            {
-                _autofillHandler.DisableCredentialProviderService();
-            }
-        }
-
         private void ToggleUseAutofillServices()
         {
             if (UseAutofillServices)

src/Core/Pages/Settings/LoginPasswordlessRequestsListPage.xaml

@@ -37,10 +37,9 @@
                         <Label
                             Text="{u:I18n FingerprintPhrase}"
                             FontSize="Small"
-                            Padding="0, 10, 0 ,0"
                             FontAttributes="Bold"/>
                         <controls:MonoLabel
-                            FormattedText="{Binding FingerprintPhrase}"
+                            Text="{Binding FingerprintPhrase}"
                             Grid.Row="1"
                             Grid.ColumnSpan="2"
                             FontSize="Small"
@@ -70,64 +69,70 @@
                             Grid.ColumnSpan="2"/>
                     </Grid>
 	        </DataTemplate>
-
-            <StackLayout
-                x:Key="mainLayout"
-                x:Name="_mainLayout"
-                Padding="0, 10">
-                <RefreshView
-                    IsRefreshing="{Binding IsRefreshing}"
-                    Command="{Binding RefreshCommand}"
-                    VerticalOptions="FillAndExpand"
-                    BackgroundColor="{DynamicResource BackgroundColor}">
-                    <StackLayout>
-                        <Image
-                            x:Name="_emptyPlaceholder"
-                            Source="empty_login_requests"
-                            HorizontalOptions="Center"
-                            WidthRequest="160"
-                            HeightRequest="160"
-                            Margin="0,70,0,0"
-                            IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
-                            SemanticProperties.Description="{u:I18n NoPendingRequests}" />
-                        <controls:CustomLabel
-                            StyleClass="box-label-regular"
-                            Text="{u:I18n NoPendingRequests}"
-                            IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
-                            FontAttributes="{OnPlatform iOS=Bold}"
-                            FontWeight="500"
-                            HorizontalTextAlignment="Center"
-                            Margin="14,10,14,0"/>
-                        <controls:ExtendedCollectionView
-                            ItemsSource="{Binding LoginRequests}"
-                            ItemTemplate="{StaticResource loginRequestTemplate}"
-                            SelectionMode="Single"
-                            IsVisible="{Binding HasLoginRequests}"
-                            ExtraDataForLogging="Login requests page" >
-                            <controls:ExtendedCollectionView.Behaviors>
-                                <xct:EventToCommandBehavior
-                                    EventName="SelectionChanged"
-                                    Command="{Binding AnswerRequestCommand}"
-                                    EventArgsConverter="{StaticResource SelectionChangedEventArgsConverter}" />
-                            </controls:ExtendedCollectionView.Behaviors>
-                        </controls:ExtendedCollectionView>
-                    </StackLayout>
-                </RefreshView>
-                <controls:IconLabelButton
-                        VerticalOptions="End"
-                        Margin="10,0"
-                        Icon="{Binding Source={x:Static core:BitwardenIcons.Trash}}"
-                        Label="{u:I18n DeclineAllRequests}"
-                        ButtonCommand="{Binding DeclineAllRequestsCommand}"
-                        IsVisible="{Binding HasLoginRequests}"
-                        AutomationId="DeleteAllRequestsButton" />
-            </StackLayout>
         </ResourceDictionary>
     </ContentPage.Resources>
 
-    <ContentView 
-        x:Name="_mainContent">
-    </ContentView>
+    <Grid
+        RowDefinitions="*, Auto"
+        Padding="0, 10">
+        <RefreshView
+            Grid.Row="0"
+            IsRefreshing="{Binding IsRefreshing}"
+            Command="{Binding RefreshCommand}"
+            VerticalOptions="Fill"
+            BackgroundColor="{DynamicResource BackgroundColor}">
+            <Grid RowDefinitions="Auto, *">
+                <VerticalStackLayout Grid.Row="0" 
+                                     HorizontalOptions="Center">
+                    <Image
+                        x:Name="_emptyPlaceholder"
+                        Source="empty_login_requests"
+                        WidthRequest="160"
+                        HeightRequest="160"
+                        Margin="0,70,0,0"
+                        IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
+                        SemanticProperties.Description="{u:I18n NoPendingRequests}" />
+                    <controls:CustomLabel
+                        StyleClass="box-label-regular"
+                        Text="{u:I18n NoPendingRequests}"
+                        IsVisible="{Binding HasLoginRequests, Converter={StaticResource inverseBool}}"
+                        FontAttributes="{OnPlatform iOS=Bold}"
+                        FontWeight="500"
+                        Margin="14,10,14,0"/>
+                </VerticalStackLayout>
+                <controls:ExtendedCollectionView
+                    Grid.Row="1"
+                    ItemsSource="{Binding LoginRequests}"
+                    ItemTemplate="{StaticResource loginRequestTemplate}"
+                    SelectionMode="Single"
+                    IsVisible="{Binding HasLoginRequests}"
+                    ExtraDataForLogging="Login requests page" >
+                    <controls:ExtendedCollectionView.Behaviors>
+                        <xct:EventToCommandBehavior
+                            EventName="SelectionChanged"
+                            Command="{Binding AnswerRequestCommand}"
+                            EventArgsConverter="{StaticResource SelectionChangedEventArgsConverter}" />
+                    </controls:ExtendedCollectionView.Behaviors>
+                </controls:ExtendedCollectionView>
+            </Grid>
+        </RefreshView>
+        
+        <controls:IconLabelButton
+            Grid.Row="1"
+            VerticalOptions="End"
+            Margin="10,0"
+            Icon="{Binding Source={x:Static core:BitwardenIcons.Trash}}"
+            Label="{u:I18n DeclineAllRequests}"
+            ButtonCommand="{Binding DeclineAllRequestsCommand}"
+            IsVisible="{Binding HasLoginRequests}"
+            AutomationId="DeleteAllRequestsButton" />
+
+        <Grid x:Name="_activityIndicatorGrid" Grid.Row="0" Grid.RowSpan="2" BackgroundColor="{DynamicResource BackgroundColor}">
+            <ActivityIndicator IsRunning="True"
+                               VerticalOptions="Center" 
+                               HorizontalOptions="Center" />
+        </Grid>
+    </Grid>
 
 </pages:BaseContentPage>
 

src/Core/Pages/Settings/LoginPasswordlessRequestsListPage.xaml.cs

@@ -5,6 +5,7 @@ using System.Threading.Tasks;
 using Bit.App.Utilities;
 using Bit.Core.Abstractions;
 using Bit.Core.Models.Response;
+using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Microsoft.Maui.ApplicationModel;
 using Microsoft.Maui.Controls;
@@ -19,7 +20,6 @@ namespace Bit.App.Pages
         public LoginPasswordlessRequestsListPage()
         {
             InitializeComponent();
-            SetActivityIndicator(_mainContent);
             _vm = BindingContext as LoginPasswordlessRequestsListViewModel;
             _vm.Page = this;
         }
@@ -27,9 +27,21 @@ namespace Bit.App.Pages
         protected override async void OnAppearing()
         {
             base.OnAppearing();
-            await LoadOnAppearedAsync(_mainLayout, false, _vm.RefreshAsync, _mainContent);
+            try
+            {
+                _activityIndicatorGrid.IsVisible = true;
 
-            UpdatePlaceholder();
+                await _vm.RefreshAsync();
+                UpdatePlaceholder();
+            }
+            catch (Exception ex)
+            {
+                LoggerHelper.LogEvenIfCantBeResolved(ex);
+            }
+            finally
+            {
+                _activityIndicatorGrid.IsVisible = false;
+            }
         }
 
         private async void Close_Clicked(object sender, System.EventArgs e)

src/Core/Pages/Settings/LoginPasswordlessRequestsListViewModel.cs

@@ -66,7 +66,6 @@ namespace Bit.App.Pages
         {
             try
             {
-                IsRefreshing = true;
                 LoginRequests.ReplaceRange(await _authService.GetActivePasswordlessLoginRequestsAsync());
             }
             catch (Exception ex)
@@ -108,7 +107,7 @@ namespace Bit.App.Pages
                 Origin = loginRequestData.Origin
             });
 
-            await Device.InvokeOnMainThreadAsync(() => Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(page)));
+            await MainThread.InvokeOnMainThreadAsync(() => Application.Current.MainPage.Navigation.PushModalAsync(new NavigationPage(page)));
         }
 
         private async Task DeclineAllRequestsAsync()

src/Core/Pages/TabsPage.cs

@@ -96,6 +96,14 @@ namespace Bit.App.Pages
                     if (message.Command == "syncCompleted")
                     {
                         MainThread.BeginInvokeOnMainThread(async () => await UpdateVaultButtonTitleAsync());
+                        try
+                        {
+                            await ForcePasswordResetIfNeededAsync();
+                        }
+                        catch (Exception ex)
+                        {
+                            _logger.Value.Exception(ex);
+                        }
                     }
                 });
                 await UpdateVaultButtonTitleAsync();

src/Core/Resources/Localization/AppResources.Designer.cs

@@ -166,15 +166,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to Credential Provider service
-        /// </summary>
-        public static string CredentialProviderService {
-            get {
-                return ResourceManager.GetString("CredentialProviderService", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Bitwarden needs attention - See &quot;Auto-fill Accessibility Service&quot; from Bitwarden settings.
         /// </summary>
@@ -2344,6 +2335,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Duo two-step login is required for your account. .
+        /// </summary>
+        public static string DuoTwoStepLoginIsRequiredForYourAccount {
+            get {
+                return ResourceManager.GetString("DuoTwoStepLoginIsRequiredForYourAccount", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Edit.
         /// </summary>
@@ -3208,6 +3208,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Follow the steps from Duo to finish logging in..
+        /// </summary>
+        public static string FollowTheStepsFromDuoToFinishLoggingIn {
+            get {
+                return ResourceManager.GetString("FollowTheStepsFromDuoToFinishLoggingIn", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to {0} is not correctly formatted..
         /// </summary>
@@ -3802,6 +3811,15 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
+        /// <summary>
+        ///   Looks up a localized string similar to Launch Duo.
+        /// </summary>
+        public static string LaunchDuo {
+            get {
+                return ResourceManager.GetString("LaunchDuo", resourceCulture);
+            }
+        }
+        
         /// <summary>
         ///   Looks up a localized string similar to Bitwarden allows you to share your vault items with others by using an organization. Learn more on the bitwarden.com website..
         /// </summary>
@@ -7694,15 +7712,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to We were unable to automatically open the Android credential provider settings menu for you. You can navigate to the credential provider settings menu manually from Android Settings &gt; System &gt; Passwords &amp; accounts &gt; Passwords, passkeys and data services.
-        /// </summary>
-        public static string BitwardenCredentialProviderGoToSettings {
-            get {
-                return ResourceManager.GetString("BitwardenCredentialProviderGoToSettings", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to Word separator.
         /// </summary>
@@ -7721,15 +7730,6 @@ namespace Bit.Core.Resources.Localization {
             }
         }
         
-        /// <summary>
-        ///   Looks up a localized string similar to The Android Credential Provider is used for managing passkeys for use with websites and other apps on your device.
-        /// </summary>
-        public static string CredentialProviderServiceExplanationLong {
-            get {
-                return ResourceManager.GetString("CredentialProviderServiceExplanationLong", resourceCulture);
-            }
-        }
-        
         /// <summary>
         ///   Looks up a localized string similar to {0} hours and one minute.
         /// </summary>

src/Core/Resources/Localization/AppResources.af.resx

@@ -2876,4 +2876,13 @@ Wil u na die rekening omskakel?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.ar.resx

@@ -276,7 +276,7 @@
     <value>هل أنت متأكد من أنك تريد تسجيل الخروج؟</value>
   </data>
   <data name="RemoveAccount" xml:space="preserve">
-    <value>إزالة الحساب</value>
+    <value>أزِل الحساب</value>
   </data>
   <data name="RemoveAccountConfirmation" xml:space="preserve">
     <value>هل أنت متأكد من أنك تريد إزالة هذا الحساب؟</value>
@@ -2822,7 +2822,7 @@
     <value>مواصلة الاتصال بالدعم؟</value>
   </data>
   <data name="ContinueToPrivacyPolicy" xml:space="preserve">
-    <value>Continue to privacy policy?</value>
+    <value>هل تريد المتابعة إلى سياسة الخصوصية؟</value>
   </data>
   <data name="ContinueToAppStore" xml:space="preserve">
     <value>هل تريد المتابعة إلى متجر التطبيقات؟</value>
@@ -2844,7 +2844,7 @@
     <value>لا يمكن العثور على ما تبحث عنه؟ قم بالتواصل مع دعم Bitwarden على bitwarden.com.</value>
   </data>
   <data name="PrivacyPolicyDescriptionLong" xml:space="preserve">
-    <value>Check out our privacy policy on bitwarden.com.</value>
+    <value>اطلع على سياستنا للخصوصية على bitwarden.com.</value>
   </data>
   <data name="ExploreMoreFeaturesOfYourBitwardenAccountOnTheWebApp" xml:space="preserve">
     <value>استكشف المزيد من الميزات لحساب Bitwarden الخاص بك على تطبيق الويب.</value>
@@ -2877,4 +2877,13 @@
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>أعدنّ ميزة إلغاء القُفْل لتغيير إجراء مهلة المخزن الخاص بك.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.az.resx

@@ -2875,4 +2875,13 @@ Bu hesaba keçmək istəyirsiniz?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Anbar vaxt bitməsi əməliyyatınızı dəyişdirmək üçün bir kilid açma seçimi qurun.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Hesabınız üçün Duo iki addımlı giriş tələb olunur. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Giriş etməni tamamlamaq üçün Duo-dakı addımları izləyin.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Duo-nu başlat</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.be.resx

@@ -2876,4 +2876,13 @@
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.bg.resx

@@ -2876,4 +2876,13 @@
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Задайте начин за отключване, за да може да промените действието при изтичане на времето за достъп до трезора.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Вашата регистрация изисква двустепенно удостоверяване чрез Duo. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Следвайте стъпките от Duo, за да завършите вписването.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Стартиране на Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.bn.resx

@@ -2877,4 +2877,13 @@ Do you want to switch to this account?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.bs.resx

@@ -2875,4 +2875,13 @@ Skeniranje će biti izvršeno automatski.</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.ca.resx

@@ -2876,4 +2876,13 @@ Voleu canviar a aquest compte?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Configura una opció de desbloqueig per canviar l'acció de temps d'espera de la caixa forta.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Es requereix l'inici de sessió en dos passos de DUO al vostre compte. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Seguiu els passos de Duo per acabar d'iniciar la sessió.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Inicia DUO</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.cs.resx

@@ -2875,4 +2875,13 @@ Chcete se přepnout na tento účet?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Nastavte volbu odemknutí, abyste změnili časový limit Vašeho trezoru.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Pro Váš účet je vyžadováno dvoufázové přihlášení DUO. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Postupujte podle kroků od DUO pro dokončení přihlášení.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Spustit DUO</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.cy.resx

@@ -2877,4 +2877,13 @@ Do you want to switch to this account?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.da.resx

@@ -907,7 +907,7 @@ Skanning vil ske automatisk.</value>
     <value>Kopiér TOTP</value>
   </data>
   <data name="CopyTotpAutomaticallyDescription" xml:space="preserve">
-    <value>Har et login en godkendelsesnøgle, så kopiér TOTP-bekræftelseskoden til udklipsholderen, når login auto-udfyldes.</value>
+    <value>Har et login en godkendelsesnøgle, kopiér da TOTP-bekræftelseskoden til udklipsholderen, når login autoudfyldes.</value>
   </data>
   <data name="CopyTotpAutomatically" xml:space="preserve">
     <value>Kopiér TOTP automatisk</value>
@@ -2128,7 +2128,7 @@ Skanning vil ske automatisk.</value>
     <value>Denne organisation har en virksomhedspolitik, der automatisk tilmelder dig til nulstilling af adgangskode. Tilmelding giver organisationsadministratorer mulighed for at skifte din hovedadgangskode.</value>
   </data>
   <data name="VaultTimeoutPolicyInEffect" xml:space="preserve">
-    <value>Dine organisationspolitikker påvirker din boks-timeout. Maksimum tilladte boks-timeout er {0} time(r) og {1} minut(ter)</value>
+    <value>Organisationspolitikkerne har sat den maksimalt tilladte bokstimeout til {0} tim(er) og {1} minut(ter).</value>
   </data>
   <data name="VaultTimeoutPolicyWithActionInEffect" xml:space="preserve">
     <value>Organisationspolitikkerne påvirker boks-timeout. Maks. tilladt boks-timeout er {0} time(r) og {1} minut(ter). Boks-timeout er pt. sat til {2}.</value>
@@ -2354,7 +2354,7 @@ vælg Tilføj TOTP for at gemme nøglen sikkert</value>
     <value>Godkend loginanmodninger</value>
   </data>
   <data name="UseThisDeviceToApproveLoginRequestsMadeFromOtherDevices" xml:space="preserve">
-    <value>Brug denne enhed til at godkende loginanmodninger fra andre enheder.</value>
+    <value>Brug denne enhed til at godkende loginanmodninger fra andre enheder</value>
   </data>
   <data name="AllowNotifications" xml:space="preserve">
     <value>Tillad notifikationer</value>
@@ -2668,7 +2668,7 @@ Vil du skifte til denne konto?</value>
     <value>Hjælp til genanmodning om hovedadgangskode</value>
   </data>
   <data name="UnlockingMayFailDueToInsufficientMemoryDecreaseYourKDFMemorySettingsToResolve" xml:space="preserve">
-    <value>Unlocking may fail due to insufficient memory. Decrease your KDF memory settings or set up biometric unlock to resolve.</value>
+    <value>Oplåsning kan fejle grundet utilstrækkelig hukommelse. Reducér KDF-hukommelsesindstillinger eller opsæt biometrisk oplåsning for at afhjælpe.</value>
   </data>
   <data name="InvalidAPIKey" xml:space="preserve">
     <value>Ugyldig API-nøgle</value>
@@ -2876,4 +2876,13 @@ Vil du skifte til denne konto?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Opsæt en oplåsningsmetode for at ændre Bokstimeouthandlingen.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo-totrinsindlogning kræves for kontoen. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Følg trinnene fra Duo for at færdiggøre indlogningen.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Start Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.de.resx

@@ -2875,4 +2875,13 @@ Möchtest du zu diesem Konto wechseln?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Richte eine Entsperroption ein, um deine Aktion bei Tresor-Timeout zu ändern.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Für dein Konto ist die Duo Zwei-Faktor-Authentifizierung erforderlich. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Folge den Schritten von Duo, um die Anmeldung abzuschließen.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Duo starten</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.el.resx

@@ -2820,7 +2820,7 @@
     <value>Συνέχεια στην επικοινωνία με την υποστήριξη;</value>
   </data>
   <data name="ContinueToPrivacyPolicy" xml:space="preserve">
-    <value>Continue to privacy policy?</value>
+    <value>Συνέχεια στην πολιτική απορρήτου;</value>
   </data>
   <data name="ContinueToAppStore" xml:space="preserve">
     <value>Συνέχεια στο κατάστημα εφαρμογών;</value>
@@ -2842,7 +2842,7 @@
     <value>Δεν μπορείτε να βρείτε αυτό που ψάχνετε; Επικοινωνήστε με την υποστήριξη Bitwarden στο bitwarden.com.</value>
   </data>
   <data name="PrivacyPolicyDescriptionLong" xml:space="preserve">
-    <value>Check out our privacy policy on bitwarden.com.</value>
+    <value>Δείτε την πολιτική απορρήτου μας στο bitwarden.com.</value>
   </data>
   <data name="ExploreMoreFeaturesOfYourBitwardenAccountOnTheWebApp" xml:space="preserve">
     <value>Εξερευνήστε περισσότερες δυνατότητες του Bitwarden λογαριασμού σας, στην εφαρμογή διαδικτύου.</value>
@@ -2875,4 +2875,13 @@
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Ρυθμίστε μια επιλογή κλειδώματος για να αλλάξετε την ενέργεια στη λήξη χρόνου του vault σας.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.en-GB.resx

@@ -2876,4 +2876,13 @@ Do you want to switch to this account?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.en-IN.resx

@@ -2890,4 +2890,13 @@ Do you want to switch to this account?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.es.resx

@@ -2878,4 +2878,13 @@ seleccione Agregar TOTP para almacenar la clave de forma segura</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Configura una opción de desbloqueo para cambiar tu acción de tiempo de espera de tu caja fuerte.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.et.resx

@@ -2876,4 +2876,13 @@ Soovid selle konto peale lülituda?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.eu.resx

@@ -2875,4 +2875,13 @@ Kontu honetara aldatu nahi duzu?</value>
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>

src/Core/Resources/Localization/AppResources.fa.resx

@@ -2877,4 +2877,13 @@
   <data name="SetUpAnUnlockOptionToChangeYourVaultTimeoutAction" xml:space="preserve">
     <value>Set up an unlock option to change your vault timeout action.</value>
   </data>
+  <data name="DuoTwoStepLoginIsRequiredForYourAccount" xml:space="preserve">
+    <value>Duo two-step login is required for your account. </value>
+  </data>
+  <data name="FollowTheStepsFromDuoToFinishLoggingIn" xml:space="preserve">
+    <value>Follow the steps from Duo to finish logging in.</value>
+  </data>
+  <data name="LaunchDuo" xml:space="preserve">
+    <value>Launch Duo</value>
+  </data>
 </root>