Emulate authenticators and debug WebAuthn
Instead of debugging Web Authentication in your website or app with physical authenticators, use the WebAuthn tool to create and interact with software-based virtual authenticators.
By using the WebAuthn tool, you can do the following without relying on physical authenticators:
- Emulate authenticators.
- Customize attributes of authenticators.
- Inspect states of authenticators.
You can emulate authenticators and debug the Web Authentication API by using the WebAuthn tool.
Set up the WebAuthn tool
Go to a webpage that uses WebAuthn. For example, open the following demo website in a new browser window or tab: try-webauthn.appspot.com.
Sign into the website.
To open DevTools, right-click the webpage, and then select Inspect. Or, press Ctrl+Shift+I (Windows, Linux) or Command+Option+I (macOS). DevTools opens.
In DevTools, on the main toolbar, select the WebAuthn tab. If that tab isn't visible, click the More tabs () button, or else the More Tools () button.
The WebAuthn tool opens:
In the WebAuthn tool, select the Enable virtual authenticator environment checkbox. A new section named New authenticator is displayed:
In the New authenticator section, configure the following options:
Option Value Details Protocol
ctap2 or u2f The protocol the virtual authenticator uses for encoding and decoding Transport
usb
,nfc
,ble
, orinternal
The virtual authenticator simulates the selected transport for communicating with clients in order to obtain an assertion for a specific credential. See Authenticator Transport Enumeration Supports resident keys
Turn on (or off) using the checkbox Turn on if your web app relies on resident keys (also known as client-side discoverable credentials). See Resident Key Requirement Enumeration. Supports user verification
Turn on (or off) using the checkbox Turn on if your web app relies on local authorization using gesture modalities like touch plus pin code, password entry, or biometric recognition. See User Verification Click the Add button.
A new section of your newly created authenticator is displayed:
The Authenticator section includes a Credentials table. The table is empty until a credential is registered to the authenticator:
Register a new credential
To register a new credential:
On the demo website, click Register new credential.
A new credential is now added to the Credentials table in the WebAuthn tool:
On the demo website, click the Authenticate button. Verify that the Sign Count of the credential in the Credentials table increased by 1, which marks a successful authenticatorGetAssertion operation.
For more information about what the Web Authentication API is doing when registering a new credential, see Create a New Credential.
Export and remove credentials
To export or remove a credential, click the Export or Remove button.
Rename an authenticator
To rename an authenticator:
Next to the authenticator name, click the Edit button.
Edit the name, then press Enter to save the changes.
Set the active authenticator
A newly created authenticator is automatically activated. To use another virtual authenticator, click the Active radio button next to the authenticator.
DevTools supports only one active virtual authenticator at any point of time. If you remove the active authenticator, another authenticator isn't automatically activated.
Remove a virtual authenticator
To remove a virtual authenticator, next to the authenticator, click the Remove button.
Note
Portions of this page are modifications based on work created and shared by Google and used according to terms described in the Creative Commons Attribution 4.0 International License. The original page is found here and is authored by Jecelyn Yeen.
This work is licensed under a Creative Commons Attribution 4.0 International License.