WebAuthn

Experimental

This domain allows configuring virtual authenticators to test the WebAuthn API.

Commands

WebAuthn.enable

Enable the WebAuthn domain and start intercepting credential storage and
retrieval with a virtual authenticator.

Parameters
Name Type Description
enableUI (optional) boolean
  Whether to enable the WebAuthn user interface. Enabling the UI is
  recommended for debugging and demo purposes, as it is closer to the real
  experience. Disabling the UI is recommended for automated testing.
  Supported at the embedder's discretion if UI is available.
  Defaults to false.

WebAuthn.disable

Disable the WebAuthn domain.

WebAuthn.addVirtualAuthenticator

Creates and adds a virtual authenticator.

Parameters
Name Type Description
options VirtualAuthenticatorOptions
Return Object
Name Type Description
authenticatorId AuthenticatorId

WebAuthn.setResponseOverrideBits

Sets the response override bits for the given authenticator. The parameters
isBogusSignature, isBadUV and isBadUP are reset to false if they are not present.

Parameters
Name Type Description
authenticatorId AuthenticatorId
isBogusSignature (optional) boolean
  If isBogusSignature is set, overrides the signature in the authenticator
  response to be zero. Defaults to false.
isBadUV (optional) boolean
  If isBadUV is set, overrides the UV bit in the flags in the authenticator
  response to be zero. Defaults to false.
isBadUP (optional) boolean
  If isBadUP is set, overrides the UP bit in the flags in the authenticator
  response to be zero. Defaults to false.
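
The override bits above exist to drive negative tests, so the code under test is the relying party's own verification. The following is an added example, not part of the protocol documentation: a relying-party check of the authenticator data flags and signature counter that an isBadUV or isBadUP response should fail. The policy object, the function names and the sample bytes are assumptions constructed for illustration; signature verification, which isBogusSignature exercises, is left to the relying party's WebAuthn library.

```javascript
// Authenticator data layout (WebAuthn):
//   rpIdHash[32] | flags[1] | signCount[4, big-endian] | optional data
const FLAG = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10 };

const toHex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Returns the reasons to reject; an empty list means every check passed.
// `policy` is a hypothetical shape: { rpIdHashHex, requireUV, storedSignCount }.
function checkAuthenticatorData(authData, policy) {
  if (authData.length < 37) return ["authenticator data shorter than 37 bytes"];
  const failures = [];
  const flags = authData[32];
  const signCount = new DataView(
    authData.buffer, authData.byteOffset + 33, 4).getUint32(0);

  if (toHex(authData.subarray(0, 32)) !== policy.rpIdHashHex)
    failures.push("rpIdHash mismatch");
  if (!(flags & FLAG.UP)) failures.push("UP bit is zero");
  if (policy.requireUV && !(flags & FLAG.UV))
    failures.push("UV bit is zero but UV is required");
  // Backup state without backup eligibility is not a valid combination.
  if ((flags & FLAG.BS) && !(flags & FLAG.BE)) failures.push("BS set without BE");
  // When either counter is non-zero, a value that fails to increase
  // signals a possibly cloned credential.
  if ((signCount !== 0 || policy.storedSignCount !== 0) &&
      signCount <= policy.storedSignCount)
    failures.push("signCount did not increase");
  return failures;
}

// Constructed sample: placeholder 32-byte hash, caller-chosen flags and counter.
function sampleAuthData(flags, signCount) {
  const data = new Uint8Array(37).fill(0xab, 0, 32);
  data[32] = flags;
  new DataView(data.buffer).setUint32(33, signCount);
  return data;
}

const policy = { rpIdHashHex: "ab".repeat(32), requireUV: true, storedSignCount: 5 };
const cases = { normal: 0x05, isBadUV: 0x01, isBadUP: 0x04 };
for (const [name, flags] of Object.entries(cases)) {
  console.log(name, checkAuthenticatorData(sampleAuthData(flags, 6), policy));
}
```

A test that sets isBadUV or isBadUP and still sees the login succeed has found a relying party that skips the corresponding check.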

WebAuthn.removeVirtualAuthenticator

Removes the given authenticator.

Parameters
Name Type Description
authenticatorId AuthenticatorId

WebAuthn.addCredential

Adds the credential to the specified authenticator.

Parameters
Name Type Description
authenticatorId AuthenticatorId
credential Credential

WebAuthn.getCredential

Returns a single credential stored in the given virtual authenticator that
matches the credential ID.

Parameters
Name Type Description
authenticatorId AuthenticatorId
credentialId binary
Return Object
Name Type Description
credential Credential

WebAuthn.getCredentials

Returns all the credentials stored in the given virtual authenticator.

Parameters
Name Type Description
authenticatorId AuthenticatorId
Return Object
Name Type Description
credentials array<Credential>

WebAuthn.removeCredential

Removes a credential from the authenticator.

Parameters
Name Type Description
authenticatorId AuthenticatorId
credentialId binary

WebAuthn.clearCredentials

Clears all the credentials from the specified device.

Parameters
Name Type Description
authenticatorId AuthenticatorId

WebAuthn.setUserVerified

Sets whether User Verification succeeds or fails for an authenticator.
The default is true.

Parameters
Name Type Description
authenticatorId AuthenticatorId
isUserVerified boolean

WebAuthn.setAutomaticPresenceSimulation

Sets whether tests of user presence will succeed immediately (if true) or fail to resolve (if false) for an authenticator.
The default is true.

Parameters
Name Type Description
authenticatorId AuthenticatorId
enabled boolean

WebAuthn.setCredentialProperties

Allows setting credential properties.
https://w3c.github.io/webauthn/#sctn-automation-set-credential-properties

Parameters
Name Type Description
authenticatorId AuthenticatorId
credentialId binary
backupEligibility (optional) boolean
backupState (optional) boolean

Events

WebAuthn.credentialAdded

Triggered when a credential is added to an authenticator.

Parameters
Name Type Description
authenticatorId AuthenticatorId
credential Credential

WebAuthn.credentialDeleted

Triggered when a credential is deleted, e.g. through
PublicKeyCredential.signalUnknownCredential().

Parameters
Name Type Description
authenticatorId AuthenticatorId
credentialId binary

WebAuthn.credentialUpdated

Triggered when a credential is updated, e.g. through
PublicKeyCredential.signalCurrentUserDetails().

Parameters
Name Type Description
authenticatorId AuthenticatorId
credential Credential

WebAuthn.credentialAsserted

Triggered when a credential is used in a WebAuthn assertion.

Parameters
Name Type Description
authenticatorId AuthenticatorId
credential Credential

Types

AuthenticatorId

(string)

AuthenticatorProtocol

(string)
Allowed Values
  • u2f
  • ctap2

Ctap2Version

(string)
Allowed Values
  • ctap2_0
  • ctap2_1

AuthenticatorTransport

(string)
Allowed Values
  • usb
  • nfc
  • ble
  • cable
  • internal

VirtualAuthenticatorOptions

(object)
Properties
Name Type Description
protocol AuthenticatorProtocol
ctap2Version (optional) Ctap2Version
  Defaults to ctap2_0. Ignored if protocol is u2f.
transport AuthenticatorTransport
hasResidentKey (optional) boolean
  Defaults to false.
hasUserVerification (optional) boolean
  Defaults to false.
hasLargeBlob (optional) boolean
  If set to true, the authenticator will support the largeBlob extension.
  https://w3c.github.io/webauthn#largeBlob
  Defaults to false.
hasCredBlob (optional) boolean
  If set to true, the authenticator will support the credBlob extension.
  https://fidoalliance.org/specs/fido-v2.1-rd-20201208/fido-client-to-authenticator-protocol-v2.1-rd-20201208.html#sctn-credBlob-extension
  Defaults to false.
hasMinPinLength (optional) boolean
  If set to true, the authenticator will support the minPinLength extension.
  https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html#sctn-minpinlength-extension
  Defaults to false.
hasPrf (optional) boolean
  If set to true, the authenticator will support the prf extension.
  https://w3c.github.io/webauthn/#prf-extension
  Defaults to false.
automaticPresenceSimulation (optional) boolean
  If set to true, tests of user presence will succeed immediately.
  Otherwise, they will not be resolved. Defaults to true.
isUserVerified (optional) boolean
  Sets whether User Verification succeeds or fails for an authenticator.
  Defaults to false.
defaultBackupEligibility (optional) boolean
  Credentials created by this authenticator will have the backup
  eligibility (BE) flag set to this value. Defaults to false.
  https://w3c.github.io/webauthn/#sctn-credential-backup
defaultBackupState (optional) boolean
  Credentials created by this authenticator will have the backup state
  (BS) flag set to this value. Defaults to false.
  https://w3c.github.io/webauthn/#sctn-credential-backup

Credential

(object)
Properties
Name Type Description
credentialId binary
isResidentCredential boolean
rpId (optional) string
  Relying Party ID the credential is scoped to. Must be set when adding a
  credential.
privateKey binary
  The ECDSA P-256 private key in PKCS#8 format.
userHandle (optional) binary
  An opaque byte sequence with a maximum size of 64 bytes mapping the
  credential to a specific user.
signCount integer
  Signature counter. This is incremented by one for each successful
  assertion.
  See https://w3c.github.io/webauthn/#signature-counter
largeBlob (optional) binary
  The large blob associated with the credential.
  See https://w3c.github.io/webauthn/#sctn-large-blob-extension
backupEligibility (optional) boolean
  Assertions returned by this credential will have the backup eligibility
  (BE) flag set to this value. Defaults to the authenticator's
  defaultBackupEligibility value.
backupState (optional) boolean
  Assertions returned by this credential will have the backup state (BS)
  flag set to this value. Defaults to the authenticator's
  defaultBackupState value.
userName (optional) string
  The credential's user.name property. Equivalent to empty if not set.
  https://w3c.github.io/webauthn/#dom-publickeycredentialentity-name
userDisplayName (optional) string
  The credential's user.displayName property. Equivalent to empty if
  not set.
  https://w3c.github.io/webauthn/#dom-publickeycredentialuserentity-displayname
