Automatically start detection (without text input) at prompt #1042

@gerwalk

I'm using Hyprland on Arch Linux and have got Howdy configured with a model added and have been trying to get it to work with my setup. My ultimate goal is to enable Howdy for my login manager (greetd) and lock screen (hyprlock) but for now I have also enabled it at sudo prompts via /etc/pam.d/system-auth to help with testing.

In all cases, after configuring the relevant pam.d file according to the steps in the Arch Wiki and everywhere else I can find, the workflow is like this:

  1. Prompt appears (login/lock screen, or sudo prompt in terminal)
  2. Webcam does not turn on
  3. I must type a password into the corresponding input field and press enter (an incorrect password is fine)
  4. AFTER pressing enter, webcam light turns on
  5. Howdy recognizes me, and I authenticate

This process seems to completely defeat the purpose of using facial recognition as a convenient alternative to typing a password. I want to eliminate Steps 2-4 entirely so that Howdy will automatically start scanning for my face the moment the authentication prompt appears. Ideally, I should still be able to use my password if the detection fails.

Here are the corresponding pam.d files for reference:
hyprlock:

# PAM configuration file for hyprlock
# the 'login' configuration file (see /etc/pam.d/login)

auth        sufficient  pam_unix.so try_first_pass likeauth nullok
auth	   sufficient  /lib/security/pam_howdy.so
auth        include     login

greetd:

#%PAM-1.0

auth 	  sufficient   pam_unix.so try_first_pass likeauth nullok
auth       sufficient   /lib/security/pam_howdy.py
auth       required     pam_securetty.so
auth       requisite    pam_nologin.so
auth       include      system-local-login
account    include      system-local-login
session    include      system-local-login

system-auth (as shared here: hyprwm/hyprlock#497 (comment))

#%PAM-1.0

auth       required                    pam_faillock.so      preauth
# Optionally use requisite above if you do not want to prompt for the password
# on locked accounts.
-auth      [success=3 default=ignore]  pam_systemd_home.so
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
auth       [success=1 default=bad]     /lib/security/pam_howdy.so try_first_pass
auth       [default=die]               pam_faillock.so      authfail
auth       optional                    pam_permit.so
auth       required                    pam_env.so
auth       required                    pam_faillock.so      authsucc
# If you drop the above call to pam_faillock.so the lock will be done also
# on non-consecutive authentication failures.

-account   [success=1 default=ignore]  pam_systemd_home.so
account    required                    pam_unix.so
account    optional                    pam_permit.so
account    required                    pam_time.so

-password  [success=1 default=ignore]  pam_systemd_home.so
password   required                    pam_unix.so          try_first_pass nullok shadow
password   optional                    pam_permit.so

-session   optional                    pam_systemd_home.so
session    required                    pam_limits.so
session    required                    pam_unix.so
session    optional                    pam_permit.so
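
PAM invokes the modules of a stack in the order they are listed, so where pam_howdy sits relative to pam_unix decides which one acts first. The following is an added example, not part of the issue and not Howdy's own code, that parses an auth stack and reports that order; the function names are hypothetical and treating pam_unix.so as the only password-prompting module is an assumption.

```python
import re

# Constructed sample: the auth lines of the system-auth file quoted in the issue.
SYSTEM_AUTH = """\
auth       required                    pam_faillock.so      preauth
-auth      [success=3 default=ignore]  pam_systemd_home.so
auth       [success=2 default=ignore]  pam_unix.so          try_first_pass nullok
auth       [success=1 default=bad]     /lib/security/pam_howdy.so try_first_pass
auth       [default=die]               pam_faillock.so      authfail
"""

# Assumption: pam_unix.so is the module that asks for a typed password.
PASSWORD_MODULES = {"pam_unix.so"}

# type (optionally prefixed with "-"), control (keyword or [k=v ...]), module, args
LINE = re.compile(r"^(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_stack(text, mtype="auth"):
    """Return [(control, module_basename, args)] for one PAM type, in file order."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and the #%PAM header
        m = LINE.match(line)
        if m and m.group(2) == mtype:
            module = m.group(4).rsplit("/", 1)[-1]  # strip /lib/security/ prefix
            stack.append((m.group(3), module, m.group(5).split()))
    return stack

def auth_order(text):
    """Module names in the order PAM will call them for authentication."""
    return [module for _, module, _ in parse_stack(text)]

def howdy_runs_before_password(text):
    """True only if a pam_howdy entry precedes every password-prompting module."""
    order = auth_order(text)
    howdy = next((i for i, m in enumerate(order) if m.startswith("pam_howdy")), None)
    pw = next((i for i, m in enumerate(order) if m in PASSWORD_MODULES), None)
    if howdy is None:
        return False
    return pw is None or howdy < pw

if __name__ == "__main__":
    print(auth_order(SYSTEM_AUTH))
    print("howdy before password module:", howdy_runs_before_password(SYSTEM_AUTH))
```
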
