starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 01:35:54 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #591] Question: Mobile app forks, what does it take? #389

New issue
Closed
opened 2026-03-03 01:28:40 +03:00 by kerem · 6 comments
kerem commented 2026-03-03 01:28:40 +03:00
Owner
Copy link

Originally created by @grahamPegNetwork on GitHub (Aug 28, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/591

Hi there, I read several other issues discussing mobile sync and how either BitWarden would need to add functionality to their mobile apps, or they may need to be forked to handle notifications.

From what I understand, the upstream mobile applications use push notifications and somehow utilize firebase messaging/apple's (??).

  1. How much work would be involved in forking (main maintaining ideally...) the apps to:
    A. Refer to a bitwarden_rs server (potentially what is happening in #443 ? )
    B. Handle websocket connections? (probably horrible for battery drain come to think about it)
    C. Simply run periodic polls to see if things need to sync. I don't really care if my phone is up to date to the second, as long as it gets changes within 5-15 minutes, and I don't have to manually trigger it.

I get iOS is challenging, I feel like with the right resources I should be able to build an APK with my server hardcoded in and distribute it to friends/family, right?

Originally created by @grahamPegNetwork on GitHub (Aug 28, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/591 Hi there, I read several other issues discussing mobile sync and how either BitWarden would need to add functionality to their mobile apps, or they may need to be forked to handle notifications. From what I understand, the upstream mobile applications use push notifications and somehow utilize firebase messaging/apple's (??). 1. How much work would be involved in forking (main maintaining ideally...) the apps to: A. Refer to a bitwarden_rs server (potentially what is happening in #443 ? ) B. Handle websocket connections? (probably horrible for battery drain come to think about it) C. Simply run periodic polls to see if things need to sync. I don't really care if my phone is up to date to the second, as long as it gets changes within 5-15 minutes, and I don't have to manually trigger it. I get iOS is challenging, I feel like with the right resources I should be able to build an APK with my server hardcoded in and distribute it to friends/family, right?
kerem closed this issue 2026-03-03 01:28:40 +03:00
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@grahamPegNetwork commented on GitHub (Aug 28, 2019):

Semi related (regarding sync):
What would it take to allow a server to register itself with BitWarden just like the self hosted version? As much as I would want 100% of my own infrastructure for notifications, hosting and sync, I did notice that the self hosted version handled syncing within seconds via the push notifications. All I did was register an installation ID. I won't make assumptions about how exactly the self hosted server triggers those notifications, but it happens somehow. I would love to 1. Figure out how to make the same thing happen with bitwarden_rs and 2. Run my own backend notification server that ultimately works with mobile.

/end brain dump

<!-- gh-comment-id:525607512 --> @grahamPegNetwork commented on GitHub (Aug 28, 2019): Semi related (regarding sync): What would it take to allow a server to register itself with BitWarden just like the self hosted version? As much as I would want 100% of my own infrastructure for notifications, hosting and sync, I did notice that the self hosted version handled syncing within seconds via the push notifications. All I did was register an installation ID. I won't make assumptions about how exactly the self hosted server triggers those notifications, but it happens somehow. I would love to 1. Figure out how to make the same thing happen with bitwarden_rs and 2. Run my own backend notification server that ultimately works with mobile. /end brain dump
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@dani-garcia commented on GitHub (Aug 28, 2019):

Well I never looked into it super deep but as far as I know the clients communicate with the notifications.bitwarden.com endpoint when making changes and then the server contacts firebase or apple push notification services which are the ones that send the notification to the client.

To replace it with our own would imply switching the hardcoded endpoint URL to bitwarden's service and point to an instance of our own, which we'd have to create, and changing the push notification services API keys on the apps code. Also the push notification connection might be tied to the app store listing, which might mean it won't be configurable like the server URLs are currently, not sure about that one.

Background websockets are probably impossible in iOS and would probably mean having a constantly running service on Android, with a notification open so the system doesn't kill it, as you say that can't be good for the battery.

Forcing a sync every so often could be reasonable, for example every time the app is open and if it hasn't synced in X time, trigger another sync. In theory the app already does this I think, but not sure what's the syncing logic (It might have been removed now that push notifications are here).

If we used upstream's server with a self hosted installation id that could work, but that would be still using the official server (though I don't think any sensitive data is sent). That said, that system is meant for the official self hosted solution, so I'm not sure about doing that unless we get the green light from the bitwarden devs.

<!-- gh-comment-id:525852101 --> @dani-garcia commented on GitHub (Aug 28, 2019): Well I never looked into it super deep but as far as I know the clients communicate with the `notifications.bitwarden.com` endpoint when making changes and then the server contacts firebase or apple push notification services which are the ones that send the notification to the client. To replace it with our own would imply switching the hardcoded endpoint URL to bitwarden's service and point to an instance of our own, which we'd have to create, and changing the push notification services API keys on the apps code. Also the push notification connection might be tied to the app store listing, which might mean it won't be configurable like the server URLs are currently, not sure about that one. Background websockets are probably impossible in iOS and would probably mean having a constantly running service on Android, with a notification open so the system doesn't kill it, as you say that can't be good for the battery. Forcing a sync every so often could be reasonable, for example every time the app is open and if it hasn't synced in X time, trigger another sync. In theory the app already does this I think, but not sure what's the syncing logic (It might have been removed now that push notifications are here). If we used upstream's server with a self hosted installation id that could work, but that would be still using the official server (though I don't think any sensitive data is sent). That said, that system is meant for the official self hosted solution, so I'm not sure about doing that unless we get the green light from the bitwarden devs.
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@grahamPegNetwork commented on GitHub (Aug 28, 2019):

Okay good info. I was thinking of building the app and passing in the endpoint URL as part of the build process. I suppose it could be possible, if desired to run a single forked app for bitwarden_rs, however that would require some sort of registration/relay allowing _rs installations to push a notification through a main _rs server. Not ideal, but it would create the possibility of using an app store push notification. It would also require developer accounts/licenses, whatever those cost.

Regarding app based sync, I think it may be disabled like you said, due to push notifications. I intentionally kept some entries out of sync when testing and even locking/unlocking the app (and extension) did not result in a sync. (extension related to my websocket issues, unrelated)
I think the only way I could get mobile to update was A. Manual sync B. Log out / back in C. Maybe restart?

Regarding the last point, yes, I would ideally not like to use their servers, mainly due to keeping full isolation from their system, not relating to any privacy concerns.

Regarding push notifications, is it possible to use push notifications for sideloaded apps? I'm not sure if relying on google for notifications is the same thing as having an app store listing.

All in all, I feel like in terms of options, ranked from easiest to hardest:

  1. Using BW servers would be easiest for end users/admins alike if permitted. Maybe a conversation could be started, it doesn't hurt to ask.
  2. Forking the app and running a bitwarden_rs notification server would be a secondary option that puts the weight on bitwarden_rs rather than the end administrator. Forking apps would be slightly more complexity but at least they could be on the various marketplaces
  3. Running fully independent and sideloaded apps - I'm not 100% this would even work with push notifications unless each individual registered with the appropriate powers. (account fees would be greater than a collective donation to maintain option 2 most likely)

So step 1: Have a conversation, step 2 discuss options/funding for option 2 if step 1 fails.

<!-- gh-comment-id:525877935 --> @grahamPegNetwork commented on GitHub (Aug 28, 2019): Okay good info. I was thinking of building the app and passing in the endpoint URL as part of the build process. I suppose it could be possible, if desired to run a single forked app for bitwarden_rs, however that would require some sort of registration/relay allowing _rs installations to push a notification through a main _rs server. Not ideal, but it would create the possibility of using an app store push notification. It would also require developer accounts/licenses, whatever those cost. Regarding app based sync, I think it may be disabled like you said, due to push notifications. I intentionally kept some entries out of sync when testing and even locking/unlocking the app (and extension) did not result in a sync. (extension related to my websocket issues, unrelated) I think the only way I could get mobile to update was A. Manual sync B. Log out / back in C. Maybe restart? Regarding the last point, yes, I would ideally not like to use their servers, mainly due to keeping full isolation from their system, not relating to any privacy concerns. Regarding push notifications, is it possible to use push notifications for sideloaded apps? I'm not sure if relying on google for notifications is the same thing as having an app store listing. All in all, I feel like in terms of options, ranked from easiest to hardest: 1. Using BW servers would be easiest for end users/admins alike if permitted. Maybe a conversation could be started, it doesn't hurt to ask. 2. Forking the app and running a bitwarden_rs notification server would be a secondary option that puts the weight on bitwarden_rs rather than the end administrator. Forking apps would be slightly more complexity but at least they could be on the various marketplaces 3. Running fully independent and sideloaded apps - I'm not 100% this would even work with push notifications unless each individual registered with the appropriate powers. (account fees would be greater than a collective donation to maintain option 2 most likely) So step 1: Have a conversation, step 2 discuss options/funding for option 2 if step 1 fails.
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (Oct 11, 2019):

This feels like way out of scope of the bitwarden_rs project and should be closed. I'd love to see some independent 3rd party client implementations, but perhaps this is not the right project to do this under?

<!-- gh-comment-id:541002043 --> @mprasil commented on GitHub (Oct 11, 2019): This feels like way out of scope of the `bitwarden_rs` project and should be closed. I'd love to see some independent 3rd party client implementations, but perhaps this is not the right project to do this under?
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@grahamPegNetwork commented on GitHub (Oct 18, 2019):

I see where you're coming from and I'm not sure I entirely agree.

When it comes to the official BW code and clients they have things handled. Sure, I could see somebody coming up with a 3rd party client, but I'd have to ask why. Even if you're using BitBetter I believe you're using their servers and the push notifications would work. (that was the main issue originally discussed)

The need for a 3rd party client relates to how _rs is an independent project/implementation of BW and does not rely on their servers. While I agree that other people forking the project may benefit from a client, as far as I can imagine, this seems like an issue limited to the _rs project.

I could be wrong, I mean if somebody forked BW entirely and wanted to run their own centralized registration servers they could, and would in turn need what is being discussed. That said, I haven't heard about anyone trying to do this and feel like it would at least be steered primarily by _rs people.

<!-- gh-comment-id:543531076 --> @grahamPegNetwork commented on GitHub (Oct 18, 2019): I see where you're coming from and I'm not sure I entirely agree. When it comes to the official BW code and clients they have things handled. Sure, I could see somebody coming up with a 3rd party client, but I'd have to ask why. Even if you're using BitBetter I believe you're using their servers and the push notifications would work. (that was the main issue originally discussed) The need for a 3rd party client relates to how _rs is an independent project/implementation of BW and does not rely on their servers. While I agree that other people forking the project may benefit from a client, as far as I can imagine, this seems like an issue limited to the _rs project. I could be wrong, I mean if somebody forked BW entirely and wanted to run their own centralized registration servers they could, and would in turn need what is being discussed. That said, I haven't heard about anyone trying to do this and *feel* like it would at least be steered primarily by _rs people.
kerem commented 2026-03-03 01:28:41 +03:00
Author
Owner
Copy link

@mprasil commented on GitHub (Nov 11, 2019):

I'm going to close this as it feels a bit out of scope of this project. I don't think we have enough capacity to work on this. Obviously if anyone is interested, they are very welcome to submit a PR.

<!-- gh-comment-id:552399796 --> @mprasil commented on GitHub (Nov 11, 2019): I'm going to close this as it feels a bit out of scope of this project. I don't think we have enough capacity to work on this. Obviously if anyone is interested, they are very welcome to submit a PR.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#389
No description provided.