Feature Request: WebAuthn/FIDO2 testing via virtual authenticators #6991
Comments
I was able to implement this using the Chrome debugger, using code examples from the Google virtual authenticator extension and @gabbersepp's blog post on how to access the low-level API in Cypress. For anyone curious, you can see the result in the script here and the setup as plugin here. Should we aim to have this documented or put it into the sink? Having a Cypress-native interaction with the Chrome driver might be useful for this as well. |
@JamesCullum Yes, this could potentially work as an example recipe if a good example can be extracted out. |
Most access management software includes authentication with security keys and biometric identification. Having this feature in your product would be great, since traditional username and password authentication is not very popular now. I hope Cypress can consider this requirement a high priority. |
2 years have passed since you started this discussion. Is this a reality or still a proposal? |
As mentioned, above is an example that you can use for it. Only thing missing is Cypress adding it as official example. |
@JamesCullum this may be a dumb question, but I'm kind of lost of what should I host on I replicated your
And I'm getting this error: I know you've mentioned the plugin Thanks for sharing your project with us! 😃 |
Hi @JamesCullum, I keep getting this exception when trying to write e2e tests for biometric registration on my device. I guess I am unable to register the biometric key because of it. How do we overcome this? TIA! |
I was working on something WebAuthn-related in Cypress and found that Cypress already provides Cypress.automation for low-level access to the Chrome Debugger Protocol, so we don't need a 3rd-party library to do this. Here is the code to enable, create and remove a virtual authenticator:

```js
// Enable the CDP WebAuthn domain, then create a CTAP2 platform ("internal")
// authenticator and resolve with its authenticatorId.
function addVirtualAuthenticator() {
  return Cypress.automation("remote:debugger:protocol", {
    command: "WebAuthn.enable",
    params: {},
  }).then((result) => {
    console.log("WebAuthn.enable", result);
    return Cypress.automation("remote:debugger:protocol", {
      command: "WebAuthn.addVirtualAuthenticator",
      params: {
        options: {
          protocol: "ctap2",
          transport: "internal",
          hasResidentKey: true,
          hasUserVerification: true,
          isUserVerified: true,
        },
      },
    }).then((result) => {
      console.log("WebAuthn.addVirtualAuthenticator", result);
      return result.authenticatorId;
    });
  });
}

// Remove the authenticator created above; the promise is returned so callers
// can wait for the teardown to finish.
function removeVirtualAuthenticator(authenticatorId) {
  return Cypress.automation("remote:debugger:protocol", {
    command: "WebAuthn.removeVirtualAuthenticator",
    params: {
      authenticatorId,
    },
  }).then((result) => {
    console.log("WebAuthn.removeVirtualAuthenticator", result);
  });
}
```
I wrote a blog post about how I solved this issue with Cypress, Active Directory and Ping Identity |
Hi, it didn't work for me. WebAuthn.addVirtualAuthenticator didn't return the authenticatorId; result is undefined. Are there any additional settings required? However, I tried https://webauthn.io to verify, and it did open the authenticator pop-ups, which doesn't happen if I enable WebAuthn via the UI. |
I'm having the same problem as @Brij-M, the WebAuthn commands don't seem to register with the Chrome debugger protocol. If I run "WebAuthn.enable" manually from the Protocol monitor, I get the following error: Did Chrome possibly pull support for this? Or am I missing something? Basically wondering if this is still working for others @hcnode @JamesCullum Update: it seems to be working now when using the Cypress.automation API as described. For whatever reason these commands aren't viewable in the monitor, but I am getting the expected responses and able to use the virtual authenticator during a Cypress test. |
Hey @tylerccarson, would you mind posting an example of how you got these working? |
@harrygreen I really didn't add anything novel here except wrapping hcnode's examples in Cypress commands, and fleshing out more functions for adding credentials as well. Chrome's documentation is a good reference for seeing what's possible: CDP Webauthn Here's one example I added for
I found getting the credential after adding to check helpful since like I mentioned, the actual debugger UI doesn't seem to update to reflect the results of these automated commands. |
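Added example, not code from any commenter or from Cypress: the setup, read-back check and teardown discussed in the comments above, written around an injectable `send(command, params)` so it runs without a browser. The `send` wiring to `Cypress.automation`, the helper names and the `fakeCdp` stand-in with its sample credential are assumptions made for illustration.

```javascript
// Added example: the CDP WebAuthn calls from this thread behind an injectable
// send(command, params), so setup, check and teardown also run outside Cypress.
// Assumed Cypress wiring: (command, params) =>
//   Cypress.automation("remote:debugger:protocol", { command, params })
async function withVirtualAuthenticator(send, body) {
  await send("WebAuthn.enable", {});
  const added = await send("WebAuthn.addVirtualAuthenticator", {
    options: {
      protocol: "ctap2",
      transport: "internal",
      hasResidentKey: true,
      hasUserVerification: true,
      isUserVerified: true,
    },
  });
  // Failure mode reported above: the call resolves without an authenticatorId.
  if (!added || !added.authenticatorId) {
    await send("WebAuthn.disable", {});
    throw new Error("WebAuthn.addVirtualAuthenticator returned no authenticatorId");
  }
  const { authenticatorId } = added;
  try {
    return await body(authenticatorId);
  } finally {
    // Tear down even when the test body throws, so no authenticator or
    // credential leaks into the next test.
    await send("WebAuthn.removeVirtualAuthenticator", { authenticatorId });
    await send("WebAuthn.disable", {});
  }
}

// Read back stored credentials, since the thread reports that the DevTools UI
// does not reflect automated commands. privateKey is dropped so key material
// never reaches test logs or artifacts.
async function credentialSummary(send, authenticatorId) {
  const { credentials } = await send("WebAuthn.getCredentials", { authenticatorId });
  return credentials.map(({ credentialId, signCount }) => ({ credentialId, signCount }));
}

// Constructed stand-in for the browser's CDP endpoint (hypothetical, offline only).
function fakeCdp(log, { broken = false } = {}) {
  const credentials = [{ credentialId: "Y3JlZC0x", signCount: 0, privateKey: "constructed" }];
  return async (command) => {
    log.push(command);
    if (command === "WebAuthn.addVirtualAuthenticator") return broken ? undefined : { authenticatorId: "auth-1" };
    if (command === "WebAuthn.getCredentials") return { credentials };
    return {};
  };
}
```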
Current behavior:
Cypress does not support any way to test WebAuthn / FIDO2 flows without mocking the authenticator, which does not allow all cryptographic interactions to be tested sufficiently. If a valid request is forwarded to the browser, it will be delegated out of the browser and cannot be interacted with.
Desired behavior:
Just like Selenium implemented it at the end of last year, Cypress should offer a way to use the W3C automation API to programmatically interact with the browser to manage virtual authenticators that can confirm actions without leaving the browser context.