@ed-lepedus-thenvoi

Adds 7 new tools exposing the Chrome DevTools Protocol WebAuthn domain for virtual authenticator testing:

| Tool | Description |
| --- | --- |
| webauthn_enable | Enable virtual authenticator environment |
| webauthn_add_authenticator | Add CTAP2/U2F virtual authenticator |
| webauthn_remove_authenticator | Remove virtual authenticator |
| webauthn_get_credentials | List registered credentials |
| webauthn_add_credential | Pre-seed a credential |
| webauthn_clear_credentials | Clear all credentials |
| webauthn_set_user_verified | Toggle user verification state |

Use Case

Enables automated testing of WebAuthn/passkey flows without physical security keys or platform authenticators (Touch ID, Windows Hello). Useful for:

  • E2E testing of passkey registration and authentication
  • CI/CD pipelines that need to test WebAuthn flows
  • Development workflows where hardware authenticators aren't available

Implementation

  • Uses Puppeteer's internal _client() API to access the CDP session (same pattern as performance tools)
  • Follows existing tool patterns with defineTool() and Zod schemas
  • Includes user-friendly error messages for common failure modes
  • All 295 tests passing, linting clean

Testing

Verified E2E on webauthn.io - successfully completed passkey registration and authentication flows using virtual authenticator.

🤖 Generated with Claude Code
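
The CDP call sequence that tools like these wrap, as an added example that is not code from this PR or the project: it attaches a passkey-style virtual authenticator, lets a test toggle user verification, and always tears the authenticator down. `withVirtualAuthenticator`, `makeFakeSession` and `demoFailedScenario` are hypothetical names, the fake session is constructed so the block runs without a browser, and a real session would come from Puppeteer's `page.createCDPSession()`.

```javascript
// Added example. Function names are hypothetical; only the 'WebAuthn.*'
// method names and their parameters belong to the Chrome DevTools Protocol.

// Runs `scenario` with a virtual authenticator attached, then always detaches it.
// `session` needs only send(method, params) => Promise.
async function withVirtualAuthenticator(session, options, scenario) {
  await session.send('WebAuthn.enable');
  let authenticatorId;
  try {
    ({authenticatorId} = await session.send('WebAuthn.addVirtualAuthenticator', {options}));
    return await scenario({
      authenticatorId,
      // Flip user verification mid-test to check that the relying party
      // rejects an assertion made without UV when it requires UV.
      setUserVerified: isUserVerified =>
        session.send('WebAuthn.setUserVerified', {authenticatorId, isUserVerified}),
      credentials: async () =>
        (await session.send('WebAuthn.getCredentials', {authenticatorId})).credentials,
    });
  } finally {
    // Teardown runs even when the scenario throws, so a failed test cannot
    // leave a virtual authenticator attached to a reused tab.
    if (authenticatorId !== undefined) {
      await session.send('WebAuthn.removeVirtualAuthenticator', {authenticatorId});
    }
    await session.send('WebAuthn.disable');
  }
}

// Constructed stand-in for a CDP session; records the methods it is sent.
function makeFakeSession() {
  const calls = [];
  return {
    calls,
    async send(method, params) {
      calls.push(method);
      if (method === 'WebAuthn.addVirtualAuthenticator') return {authenticatorId: 'fake-1'};
      if (method === 'WebAuthn.getCredentials') return {credentials: []};
      return {};
    },
  };
}

// Passkey-style authenticator: CTAP2, internal transport, resident keys, UV on.
const PASSKEY_OPTIONS = {protocol: 'ctap2', transport: 'internal',
  hasResidentKey: true, hasUserVerification: true, isUserVerified: true};

// Simulates a scenario that fails after turning UV off; returns the CDP calls made.
async function demoFailedScenario() {
  const session = makeFakeSession();
  await withVirtualAuthenticator(session, PASSKEY_OPTIONS, async auth => {
    await auth.setUserVerified(false);
    throw new Error('relying party accepted an unverified assertion');
  }).catch(() => {});
  return session.calls;
}
```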

ed-lepedus-thenvoi and others added 8 commits January 24, 2026 09:10
- Create src/tools/webauthn.ts with enableWebAuthn tool
- Export from src/tools/tools.ts
- Add basic test in tests/tools/webauthn.test.ts

The tool currently does nothing - just returns success message.
Next step: implement actual WebAuthn.enable CDP call.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The webauthn_enable tool now actually calls the CDP WebAuthn.enable
command, enabling the virtual authenticator environment.

Test verifies this by successfully adding a virtual authenticator
after calling the tool.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Implements the ability to add virtual authenticators with configurable:
- protocol (u2f, ctap2)
- transport (usb, nfc, ble, internal)
- hasResidentKey (passkey support)
- hasUserVerification
- isUserVerified

Returns the authenticatorId for use in subsequent operations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix ESLint import/order for type imports in tools.ts
- Apply Prettier formatting to webauthn files

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Added tools:
- webauthn_remove_authenticator: Remove a virtual authenticator
- webauthn_get_credentials: List credentials on an authenticator
- webauthn_add_credential: Add a pre-seeded credential
- webauthn_clear_credentials: Clear all credentials
- webauthn_set_user_verified: Toggle user verification state

All tools follow the established pattern using CDP WebAuthn domain.
Tests verify each tool works correctly (except add_credential which
requires complex key generation - verified schema only).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Run npm run docs to regenerate tool reference
- Update WEBAUTHN_IMPLEMENTATION.md with final status

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Add getCDPSession() helper to centralize CDP session access
- Add handleWebAuthnError() for user-friendly error messages
- Wrap all CDP calls in try/catch blocks
- Add specific error handling for addCredential (userHandle, privateKey)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@google-cla

google-cla bot commented Jan 24, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Collaborator

@OrKoN OrKoN left a comment

Thanks for the PR! We prefer not to include too much low-level CDP code directly into the MCP server. Please use the existing WebAuthN model in the chrome-devtools-frontend dependency (third_party/devtools-frontend/src/front_end/core/sdk/WebAuthnModel.ts) (similar to how source map models are integrated). Alternatively, if the DevTools models do not satisfy the use case for some reason, we should consider adding a higher-level API to Puppeteer so that it is beneficial beyond the MCP server alone.

It would be great to also file an issue first to allow us to prioritize the feature and understand the use case to perhaps define an API that requires fewer tools.

Comment on lines +24 to +30
- [`webauthn_add_authenticator`](#webauthn_add_authenticator)
- [`webauthn_add_credential`](#webauthn_add_credential)
- [`webauthn_clear_credentials`](#webauthn_clear_credentials)
- [`webauthn_enable`](#webauthn_enable)
- [`webauthn_get_credentials`](#webauthn_get_credentials)
- [`webauthn_remove_authenticator`](#webauthn_remove_authenticator)
- [`webauthn_set_user_verified`](#webauthn_set_user_verified)
Collaborator

@OrKoN OrKoN Jan 24, 2026

It looks like we could use a single tool configure_webauthn to configure all of the WebAuthN virtual authenticator state (getting rid of dedicated commands). If WebAuthN is enabled, its status should be returned for all calls (in McpResponse) eliminating a need for get. If any CDP events can be emitted via the user actions on the page, the McpContext should accumulate them automatically and include them in the McpResponse automatically.

- **[Emulation](#emulation)** (9 tools)
- [`emulate`](#emulate)
- [`resize_page`](#resize_page)
- [`webauthn_add_authenticator`](#webauthn_add_authenticator)
Collaborator

We probably want a dedicated category for WebAuthN with a separate CLI flag to control it.
