Need explaining websocket and push notifications

A client talking to a server is standard form of communication. It uses https/TCP.
Server talking to clients without them initiating the talk is very different and new technologies need to be used

To solve this websocket and push notifications are a thing.

How I understand stuff from reading github issues.

  • Push Notifications - exclusive to mobile devices - android and apple mobile devices. I assume that means that when something make change to a server. Server sends push notification to all clients about the changed?

  • Websocket Notifications - for just desktop browsers extensions and desktop application. When a change happen on a server by one of the clients, it is used to tell other clients about the change?

assuming I got it right. The current status is that push notifications dont work and likely wont work, as it would require distributing own version of the apps.

Websocket notifications do work.

What are the benefits of these? What is the danger of not having it?

Benefit is that at any point I am sure that the most up to date version is what I am working in.

Is therea danger that two people might edit or try to create identical entry or something?

To mitigate I should always do sync right before editing on mobile?

How do I test if websocket works?

visiting https://vault.example.net/notifications/hub/ takes me to a site showing some info.
Worth noting that if I dont include the last / behind hub I am taken to a page saying WebSocket Protocol Error: Unable to parse WebSocket key. Intersting that caddy config copied from the reverse proxy setup does not have that trailing slash.

Anyway, I am directly on the servers web, logged in, add new entry and it live immediately show up in the desktop app. Does that mean web sockets are working? As I wrote this, I tested it by commenting out the websocket port line from caddy, reloading config… it still worked strangely… until I closed the desktop app and launch it again. Then new entries appeared only after manual sync.

1 Like

Bitwarden currently doesn’t have a concept of data conflicts or versioning of an entry as a whole (i.e., not just password history). So for example, if you make a change in the browser extension (say, change the password) and then make another change in the mobile app (say, add a URL), then your password change would be lost because the mobile app (when used with bitwarden_rs) wouldn’t have gotten a notification to reload the updated entry. On the other hand, if you made the change in the mobile app later on, after it had done a sync, then there wouldn’t be a problem.

These data conflict/overwrite issues are largely mitigated in the official Bitwarden with the combination of WebSocket and mobile push notifications, but as you noted, bitwarden_rs doesn’t currently support mobile push notifications. It might be possible to add mobile push support for people who have purchased a license from Bitwarden (and thus have a license key), but I’m hypothesizing on this point, and I’m not aware that anyone has investigated the feasibility of this in detail.

Visiting https://vault.example.net/notifications/hub with a web browser is just going to give you Unable to parse WebSocket key, since a web browser won’t attempt to negotiate a WebSocket connection without some JavaScript code doing that specifically.

I usually test WebSocket notifications by just opening two WebSocket-enabled clients (web vault, browser extensions, or desktop app) and pulling up a secure note entry (other types of entries work too) in both clients. If WebSocket notifications are working, when you edit and save changes in one client, the changes should be immediately reflected in the other.

3 Likes

BTW, data loss issues involving out-of-sync clients with stale data overwriting newer data are pretty much fixed as of December 2020. Clients will now include the revision date of the entry they want to update, and if the server finds that the client’s version is older than what it has, then it will reject the update:

@jjlin Thanks for your reply. I was wondering what is really the websocket notifications.

I’ll test my installation with your method. I had a lot of trouble to set the websocket working, or at least I think (I’ll verify this).

It works :smiley: Yes !!
Thanks for your explanations :innocent: