Passkey Manager sample

Code Sample
12/12/2024

This sample demonstrates how to integrate a third-party passkey manager with the Windows platform using WebAuthn Plugin APIs.

Registering the passkey manager app as a COM object in the system registry.
Implementing the IPluginAuthenticator interface for managing webauthn credentials.
Using the WebAuthNPluginAddAuthenticator API to add the plugin authenticator.
Handling credential creation requests from webauthn clients.
Managing credential metadata with WebAuthNPluginAuthenticatorAddCredentials and WebAuthNPluginAuthenticatorRemoveCredentials.
Performing user verification using Windows Hello with WebAuthNPluginPerformUv.
Updating plugin authenticator details with WebAuthNPluginUpdateAuthenticatorDetails.
Removing the plugin authenticator with WebAuthNPluginRemoveAuthenticator.
Responding to system-initiated operations like PluginCancelOperation.

Note The Windows-classic-samples repo contains a variety of code samples that exercise the various programming models, platforms, features, and components available in Windows and/or Windows Server. This repo provides a Visual Studio solution (SLN) file for each sample, along with the source files, assets, resources, and metadata needed to compile and run the sample. For more info about the programming models, platforms, languages, and APIs demonstrated in these samples, check out the documentation on the Windows Dev Center. This sample is provided as-is in order to indicate or demonstrate the functionality of the programming models and feature APIs for Windows and/or Windows Server.

This sample was created for Windows 11 Insider Edition Beta Channel 10.0.22635.4515 using Visual Studio and the Windows SDK 10.0.26100.1742.

Note: These are experimental APIs and are not guaranteed to be included in future versions of Windows.

Operating system requirements

Windows 11 Insider Edition Beta Channel. Build Major Version = 22635 and Minor Version >= 4515.

Windows Insider Program

To sign up for the Windows Insider Program (WIP) you must register here: Windows Insider Program.
Once you have signed up for WIP, go to Settings > Windows Update > WIP and select Beta channel. Video instructions: https://www.microsoft.com/en-us/videoplayer/embed/RW1kR8G?download=false

Build the sample

Download Prerequisites

Download the cbor-lite directory and copy it into the include directory of the sample.
Download the webauthn directory and copy it into the include directory of the sample.

Fill in the plugin information.

Use guidgen.exe to generate a new GUID for the plugin.
Open Package.appxmanifest and replace the Clsid with the new GUID. Also, replace the DisplayName and PublisherDisplayName with your plugin's name and your organization's name.
Open the PluginManagement/PluginRegistrationManager.h file and fill in the plugin's Name, AAGUID, RpId, and Clsid fields with your plugin information.

Build

Install the Windows SDK version 10.0.26100.1742 or higher.
Open the solution (.sln) file titled PasskeyManager.sln from Visual Studio.
Press Ctrl+Shift+B or select Build > Build Solution.

Run the sample

Press F5 or select Debug > Start Debugging. To run the sample without debugging, press Ctrl+F5 or select Debug > Start Without Debugging.

Things to try with the sample:

Use the Register button to register the plugin on the system.
Go to Settings > Accounts > Passkeys > Advanced Options and enable Contoso Passkey Manager.
Create a new passkey.
- Visit webauthn test websites, like https://webauthn.io, or use test accounts on websites like github.com, linkedin.com, or amazon.com.
- Press Continue when asked to save the passkey to Contoso Passkey Manager.
- Or pick out Contoso Passkey Manager from the list of authenticators"
Click the Add Passkeys button to add your new passkeys to the system cache.
- Look out for the Autofill label next to the username in the Passkeys list.
On supported browsers like Edge and Chrome visit websites that support autofill for passkeys.
- Click on the username or password text input fields to see the autofill dropdown show up.
- Your new passkey should show up in the dropdown.
You can also delete the passkey from the system cache by clicking on the Delete Passkeys button.
Use Simulate Vault Unlock toggle to switch between using the new WebAuthNPluginPerformUv and other existing methods to invoke a Windows Hello prompt.
Use the Minimize UI toggle to hide the plugin UI prompt asking confirmation during the make Save passkey and Sign in with passkey flow.

Files

PluginAuthenticatorImpl.cpp/.h These files implement the PluginAuthenticator interface for managing WebAuthn credentials.

PluginRegistrationManager.cpp/.h These files handle the registration, unregistration, and state management of the plugin authenticator using WebAuthn Plugin APIs.

PluginCredentialManager.cpp/.h These files manage the addition and removal of plugin credentials using WebAuthn Plugin APIs, including handling credential metadata and interfacing with the WebAuthNPluginAuthenticatorAddCredentials API.

App.xaml.cpp/.h These files initialize the application, handle the main application lifecycle events, and manage the registration of the plugin as a COM object, including setting up the main window and handling plugin operations.

GetAssertion.xaml.cpp/.h These files handle the user interface and logic for the "Get Assertion" operation in the passkey manager. They manage the retrieval and display of credentials, handle user interactions for selecting credentials, and perform the necessary actions to complete or cancel the plugin operation.

MakeCredentialPage.xaml.cpp/.h These files manage the user interface and logic for the "Make Credential" operation in the passkey manager. They handle the creation of new credentials, manage user interactions for confirming or canceling the operation, and update the UI based on the success or failure of the credential creation process.

webauthn

microsoft/webauthn

cbor-lite

webauthn.io

To get a copy of Windows, go to Downloads and tools.

To get a copy of Visual Studio, go to Visual Studio Downloads.