Share via

Passkey Manager sample

Browse code Download ZIP

This sample demonstrates how to integrate a third-party passkey manager with the Windows platform using WebAuthn Plugin APIs. This sample assumes familiarity with webauthn credentials.

  • Registering the passkey manager app as a COM object in the system registry.
  • Implementing the IPluginAuthenticator interface for managing webauthn credentials.
  • Using the WebAuthNPluginAddAuthenticator API to add the plugin authenticator.
  • Handling credential creation requests from webauthn clients.
  • Managing credential metadata with WebAuthNPluginAuthenticatorAddCredentials and WebAuthNPluginAuthenticatorRemoveCredentials.
  • Performing user verification using Windows Hello with WebAuthNPluginPerformUserVerification.
  • Updating plugin authenticator details with WebAuthNPluginUpdateAuthenticatorDetails.
  • Removing the plugin authenticator with WebAuthNPluginRemoveAuthenticator.
  • Responding to system-initiated operations like CancelOperation and rendering the plugin status with a callback.

Note The Windows-classic-samples repo contains a variety of code samples that exercise the various programming models, platforms, features, and components available in Windows and/or Windows Server. This repo provides a Visual Studio solution (SLN) file for each sample, along with the source files, assets, resources, and metadata needed to compile and run the sample. For more info about the programming models, platforms, languages, and APIs demonstrated in these samples, check out the documentation on the Windows Dev Center. This sample is provided as-is in order to indicate or demonstrate the functionality of the programming models and feature APIs for Windows and/or Windows Server.

SDK requirements

Windows SDK version 10.0.26100.7175 or higher.

Operating system requirements

Windows 11 version 25H2. Build Major Version = 26200 and Minor Version >= 6725. Windows 11 version 24H2. Build Major Version = 26100 and Minor Version >= 6725.

Build the sample

Download Prerequisites

The PasskeyManager.vcxproj project file contains a custom MSBuild target (EnsureExternalHeaders) to download these files. If for some reason the task is not running successfully, you can download the files manually.

  • Download the header files from the cbor-lite directory and copy them into the include\cbor-lite directory of the sample.

Fill in the plugin information.

  • Use guidgen.exe to generate a new GUID for the plugin.
  • Open Package.appxmanifest and replace the Clsid with the new GUID. Also, replace the DisplayName and PublisherDisplayName with your plugin's name and your organization's name.
  • Open the PluginAuthenticator/PluginAuthenticatorImpl.h file and fill in the same Clsid from Package.appxmanifest.
  • Open the PluginManagement/PluginRegistrationManager.h file and fill in the plugin's Name, AAGUID and RpId fields with your plugin information.

Build

  • Install the Windows SDK version 10.0.26100.7175 or higher.
  • Open the solution (.sln) file titled PasskeyManager.sln from Visual Studio.
  • Press Ctrl+Shift+B or select Build > Build Solution.

Run the sample

Press F5 or select Debug > Start Debugging. To run the sample without debugging, press Ctrl+F5 or select Debug > Start Without Debugging.

Things to try with the sample:

  • Click the Register button to register the plugin on the system.

  • Click the Enable button to open up Settings and enable Contoso Passkey Manager.

    • Alternatively, manually go to Settings > Accounts > Passkeys > Advanced Options and enable Contoso Passkey Manager.

  • Create a new passkey.

    • Visit webauthn test websites, like https://webauthn.io, or use test accounts on websites like github.com, linkedin.com, or amazon.com.
    • Press Continue when asked to save the passkey to Contoso Passkey Manager.
    • Or pick out Contoso Passkey Manager from the list of authenticators.

  • Once created, the passkey should also have been added to the system cache.

    • Look out for the Autofill label next to the username in the Passkeys list.
    • Click the Refresh button in Contoso to refresh the view.
    • On supported browsers like Edge and Chrome, visit websites that support autofill for passkeys.
      • Click on the username or password text input fields to see the autofill dropdown show up.
      • Your new passkey should show up in the dropdown.

  • You can also delete the passkey from the system cache by clicking on the Delete button.

    • Click the Add button to add your passkeys back to the system cache.

  • Use the Vault Unlocked button toggle to switch between using the new WebAuthNPluginPerformUserVerification and other existing methods to invoke a Windows Hello prompt.

  • Use the Minimize UI toggle to hide the plugin UI prompt asking for confirmation during the Save passkey and Sign-in with passkey flows.

Files

PluginAuthenticatorImpl.cpp/.h These files implement the PluginAuthenticator interface for managing WebAuthn credentials.

PluginRegistrationManager.cpp/.h These files handle the registration, unregistration, and state management of the plugin authenticator using WebAuthn Plugin APIs.

PluginCredentialManager.cpp/.h These files manage the addition and removal of plugin credentials using WebAuthn Plugin APIs, including handling credential metadata and interfacing with the WebAuthNPluginAuthenticatorAddCredentials API.

App.xaml.cpp/.h These files initialize the application, handle the main application lifecycle events, and manage the registration of the plugin as a COM object, including setting up the main window and handling plugin operations.

GetAssertion.xaml.cpp/.h These files handle the user interface and logic for the "Get Assertion" operation in the passkey manager. They manage the retrieval and display of credentials, handle user interactions for selecting credentials, and perform the necessary actions to complete or cancel the plugin operation.

MakeCredentialPage.xaml.cpp/.h These files manage the user interface and logic for the "Make Credential" operation in the passkey manager. They handle the creation of new credentials, manage user interactions for confirming or canceling the operation, and update the UI based on the success or failure of the credential creation process.

webauthn

microsoft/webauthn

cbor-lite

webauthn.io

To get a copy of Windows, go to Downloads and tools.

To get a copy of Visual Studio, go to Visual Studio Downloads.