Description
Feature and motivation
Applications often integrate WebAuthn as part of the login step. This triggers a browser-specific WebAuthn flow.
Example of WebAuthn in Chrome:
Automating interaction with the WebAuthn dialog, as shown above, is possible via the extension VirtualAuthenticator APIs defined as part of https://w3c.github.io/webauthn/#sctn-automation.
Implementation
Implementation for Java was added as part of #7760 and #7842. The rest of the language bindings need to add the relevant code and can refer to the Java implementation for guidance.
An outline of implementing VirtualAuthenticator
- VirtualAuthenticatorOptions (this is used when adding the VirtualAuthenticator)
- Credential (the credentials to be used by the VirtualAuthenticator)
- List of methods (which call the WebDriver commands) and the respective parameters required:
  - addVirtualAuthenticator(VirtualAuthenticatorOptions options) - Returns an authenticator id as a string
  - removeVirtualAuthenticator(String authenticatorId)
  - addCredential(Credential credential, String authenticatorId)
  - getCredentials(String authenticatorId) - Returns a Map<String,Object>
  - removeCredential(byte[] credentialId, String authenticatorId)
  - removeCredential(String credentialId, String authenticatorId)
  - removeAllCredentials(String authenticatorId)
  - setUserVerified(boolean verified, String authenticatorId)
Refer:
- `public VirtualAuthenticator addVirtualAuthenticator(VirtualAuthenticatorOptions options) {`
- `private class RemoteVirtualAuthenticator implements VirtualAuthenticator {`
Tests are defined in https://github.com/SeleniumHQ/selenium/blob/trunk/java/test/org/openqa/selenium/virtualauthenticator/VirtualAuthenticatorTest.java
Note: Currently, only Chromium-based browsers implement the WebAuthn APIs. Although Java does not do this, until the rest of the vendors implement them it might be a good idea for the VirtualAuthenticator APIs to sit in the chromium section of each binding (similar to the current implementation of the Permissions API).
C#
It can follow the Java implementation since both are strongly typed. The C# binding has interface declarations similar to Java's for existing features (example: HasPermissions).
Ruby
All extension APIs are defined in https://github.com/SeleniumHQ/selenium/tree/39dec028673260e8a9518898fe40a910426adc85/rb/lib/selenium/webdriver/common/driver_extensions. Similarly, a has_virtualauthenticator interface can be implemented and added here and used in the chromium module.
Python
Chromium-specific Selenium commands in Python are in https://github.com/SeleniumHQ/selenium/blob/trunk/py/selenium/webdriver/chromium/webdriver.py
VirtualAuthenticator commands can be added here and authentication id can be defined as a local variable.
JavaScript
Chromium-specific Selenium commands in JavaScript are in https://github.com/SeleniumHQ/selenium/blob/trunk/javascript/node/selenium-webdriver/chromium.js
VirtualAuthenticator commands can be added here and authentication id can be defined as a local variable.
Usage example
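A sample Java example:
```java
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
import org.openqa.selenium.virtualauthenticator.*;

WebDriver driver = new ChromeDriver();
HasVirtualAuthenticator virtualAuthenticatorManager = ((HasVirtualAuthenticator) driver);
// Describe the authenticator to emulate: U2F over USB, always consenting
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions();
options.setIsUserConsenting(true);
options.setProtocol(VirtualAuthenticatorOptions.Protocol.U2F);
options.setTransport(VirtualAuthenticatorOptions.Transport.USB);
// Register it with the browser session, then mark the user as verified
VirtualAuthenticator authenticator = virtualAuthenticatorManager.addVirtualAuthenticator(options);
authenticator.setUserVerified(true);
```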
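For bindings that still need these commands, the following added sketch (not Selenium's code and not part of the original issue) maps each method in the outline to the HTTP method, path and JSON body of the corresponding command in the W3C WebAuthn automation section. The function names, the `sid`/`aid` parameters and the restricted protocol and transport sets are assumptions made for illustration.

```python
import base64

# Command paths follow https://w3c.github.io/webauthn/#sctn-automation.
# Function names mirror the outline above; they are hypothetical, not a binding's API.
ROOT = "/session/{sid}/webauthn/authenticator"
PROTOCOLS = {"ctap1/u2f", "ctap2"}              # subset of the spec's values
TRANSPORTS = {"usb", "nfc", "ble", "internal"}  # subset of the spec's values

def b64url(value):
    """Accept raw bytes or an already-encoded str, like the two removeCredential overloads."""
    if isinstance(value, str):
        return value
    return base64.urlsafe_b64encode(value).rstrip(b"=").decode("ascii")

def add_virtual_authenticator(sid, protocol, transport, is_user_consenting=True):
    # Reject values the endpoint would answer with "invalid argument".
    if protocol not in PROTOCOLS or transport not in TRANSPORTS:
        raise ValueError("unsupported protocol or transport")
    body = {"protocol": protocol, "transport": transport,
            "isUserConsenting": is_user_consenting}
    return "POST", ROOT.format(sid=sid), body

def remove_virtual_authenticator(sid, aid):
    return "DELETE", f"{ROOT.format(sid=sid)}/{aid}", None

def add_credential(sid, aid, credential_id, rp_id, private_key, sign_count=0):
    # credentialId and privateKey are sent base64url-encoded (non-resident credential).
    body = {"credentialId": b64url(credential_id), "isResidentCredential": False,
            "rpId": rp_id, "privateKey": b64url(private_key), "signCount": sign_count}
    return "POST", f"{ROOT.format(sid=sid)}/{aid}/credential", body

def get_credentials(sid, aid):
    return "GET", f"{ROOT.format(sid=sid)}/{aid}/credentials", None

def remove_credential(sid, aid, credential_id):
    path = f"{ROOT.format(sid=sid)}/{aid}/credentials/{b64url(credential_id)}"
    return "DELETE", path, None

def remove_all_credentials(sid, aid):
    return "DELETE", f"{ROOT.format(sid=sid)}/{aid}/credentials", None

def set_user_verified(sid, aid, verified):
    return "POST", f"{ROOT.format(sid=sid)}/{aid}/uv", {"isUserVerified": bool(verified)}
```

Each function returns a `(method, path, body)` tuple that a binding's command executor would send relative to the driver's base URL.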