test(davinci-client): virtual authenticator e2e tests

Author: ancheetah

e2e/davinci-app/components/fido.ts

@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 2025 Ping Identity Corporation. All rights reserved.
+ *
+ * This software may be modified and distributed under the terms
+ * of the MIT license. See the LICENSE file for details.
+ */
+import type {
+  FidoRegistrationCollector,
+  FidoAuthenticationCollector,
+  Updater,
+  FidoClient,
+} from '@forgerock/davinci-client/types';
+
+export default function fidoComponent(
+  formEl: HTMLFormElement,
+  collector: FidoRegistrationCollector | FidoAuthenticationCollector,
+  updater: Updater<FidoRegistrationCollector | FidoAuthenticationCollector>,
+  fidoApi: FidoClient,
+  submitForm: () => Promise<void>,
+) {
+  if (collector.type === 'FidoRegistrationCollector') {
+    const button = document.createElement('button');
+    button.type = 'button';
+    button.value = collector.output.key;
+    button.innerHTML = 'FIDO Register';
+    formEl.appendChild(button);
+
+    button.onclick = async () => {
+      const credentialOptions = collector.output.config.publicKeyCredentialCreationOptions;
+      const response = await fidoApi.register(credentialOptions);
+      console.log('fido.register response:', response);
+      if ('error' in response) {
+        console.error(response);
+      } else {
+        const error = updater(response);
+        if (error && 'error' in error) {
+          console.error(error.error.message);
+        } else {
+          await submitForm();
+        }
+      }
+    };
+  } else if (collector.type === 'FidoAuthenticationCollector') {
+    const button = document.createElement('button');
+    button.type = 'button';
+    button.value = collector.output.key;
+    button.innerHTML = 'FIDO Authenticate';
+    formEl.appendChild(button);
+
+    button.onclick = async () => {
+      const credentialOptions = collector.output.config.publicKeyCredentialRequestOptions;
+      const response = await fidoApi.authenticate(credentialOptions);
+      console.log('fido.authenticate response:', response);
+      if ('error' in response) {
+        console.error(response);
+      } else {
+        const error = updater(response);
+        if (error && 'error' in error) {
+          console.error(error.error.message);
+        } else {
+          await submitForm();
+        }
+      }
+    };
+  }
+}

e2e/davinci-app/main.ts

@@ -7,7 +7,7 @@
 import './style.css';
 
 import { Config, FRUser, TokenManager } from '@forgerock/javascript-sdk';
-import { davinci } from '@forgerock/davinci-client';
+import { davinci, fido } from '@forgerock/davinci-client';
 import type {
   CustomLogger,
   DaVinciConfig,
@@ -31,6 +31,7 @@ import singleValueComponent from './components/single-value.js';
 import multiValueComponent from './components/multi-value.js';
 import labelComponent from './components/label.js';
 import objectValueComponent from './components/object-value.js';
+import fidoComponent from './components/fido.js';
 
 const loggerFn = {
   error: () => {
@@ -81,13 +82,14 @@ const urlParams = new URLSearchParams(window.location.search);
 
 (async () => {
   const davinciClient: DavinciClient = await davinci({ config, logger, requestMiddleware });
-  const protectAPI = protect({ envId: '02fb4743-189a-4bc7-9d6c-a919edfe6447' });
+  const protectApi = protect({ envId: '02fb4743-189a-4bc7-9d6c-a919edfe6447' });
+  const fidoApi = fido();
   const continueToken = urlParams.get('continueToken');
   const formEl = document.getElementById('form') as HTMLFormElement;
   let resumed: InternalErrorResponse | NodeStates | undefined;
 
   // Initialize Protect
-  const error = await protectAPI.start();
+  const error = await protectApi.start();
   if (error?.error) {
     console.error('Error starting Protect:', error.error);
   }
@@ -251,6 +253,17 @@ const urlParams = new URLSearchParams(window.location.search);
         );
       } else if (collector.type === 'IdpCollector') {
         socialLoginButtonComponent(formEl, collector, davinciClient.externalIdp());
+      } else if (
+        collector.type === 'FidoRegistrationCollector' ||
+        collector.type === 'FidoAuthenticationCollector'
+      ) {
+        fidoComponent(
+          formEl, // You can ignore this; it's just for rendering
+          collector, // This is the plain object of the collector
+          davinciClient.update(collector), // Returns an update function for this collector
+          fidoApi, // FIDO module for interacting with WebAuthn API
+          submitForm,
+        );
       } else if (collector.type === 'FlowCollector') {
         flowLinkComponent(
           formEl, // You can ignore this; it's just for rendering
@@ -278,7 +291,7 @@ const urlParams = new URLSearchParams(window.location.search);
   }
 
   async function updateProtectCollector(protectCollector: ProtectCollector) {
-    const data = await protectAPI.getData();
+    const data = await protectApi.getData();
     if (typeof data !== 'string' && 'error' in data) {
       console.error(`Failed to retrieve data from PingOne Protect: ${data.error}`);
       return;

e2e/davinci-suites/src/fido.test.ts

@@ -0,0 +1,84 @@
+import { test, expect, CDPSession } from '@playwright/test';
+import { asyncEvents } from './utils/async-events.js';
+import { password, username } from './utils/demo-user.js';
+
+test.use({ browserName: 'chromium' }); // ensure CDP/WebAuthn is available
+
+let cdp: CDPSession | undefined;
+let authenticatorId: string | undefined;
+
+test.beforeEach(async ({ context, page }) => {
+  cdp = await context.newCDPSession(page);
+  await cdp.send('WebAuthn.enable');
+
+  // A "platform" authenticator (aka internal) with UV+RK enabled is the usual default for passkeys.
+  const response = await cdp.send('WebAuthn.addVirtualAuthenticator', {
+    options: {
+      protocol: 'ctap2',
+      transport: 'internal', // platform authenticator
+      hasResidentKey: true, // allow discoverable credentials (passkeys)
+      hasUserVerification: true, // device supports UV
+      isUserVerified: true, // simulate successful UV (PIN/biometric)
+      automaticPresenceSimulation: true, // auto "touch"/presence
+    },
+  });
+  authenticatorId = response.authenticatorId;
+});
+
+test.afterEach(async () => {
+  await cdp.send('WebAuthn.removeVirtualAuthenticator', { authenticatorId });
+  await cdp.send('WebAuthn.disable');
+});
+
+test('Register and authenticate with webauthn device', async ({ page }) => {
+  const { navigate } = asyncEvents(page);
+
+  await navigate('https://aj-test.pi.scrd.run:5829/?acr_values=ccff5c09002042bd86104da45cd7102e');
+  await expect(page).toHaveURL(
+    'https://aj-test.pi.scrd.run:5829/?acr_values=ccff5c09002042bd86104da45cd7102e',
+  );
+  await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
+
+  await page.getByRole('button', { name: 'USER_LOGIN' }).click();
+  await page.getByLabel('Username').fill(username);
+  await page.getByLabel('Password').fill(password);
+  await page.getByRole('button', { name: 'Sign On' }).click();
+
+  // Register WebAuthn credential
+  const { credentials: intialCredentials } = await cdp.send('WebAuthn.getCredentials', {
+    authenticatorId,
+  });
+  await expect(intialCredentials).toHaveLength(0);
+
+  await page.getByRole('button', { name: 'DEVICE_REGISTRATION' }).click();
+  await page.getByRole('button', { name: 'Biometrics/Security Key' }).click();
+  await page.getByRole('button', { name: 'FIDO Register' }).click();
+
+  const { credentials: recordedCredentials } = await cdp.send('WebAuthn.getCredentials', {
+    authenticatorId,
+  });
+  await expect(recordedCredentials).toHaveLength(1);
+
+  await page.getByRole('button', { name: 'Continue' }).click();
+
+  // Verify we're back at home page if successful
+  await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
+
+  // Authenticate with the registered WebAuthn credential
+  const initialSignCount = recordedCredentials[0].signCount;
+
+  await page.getByRole('button', { name: 'DEVICE_AUTHENTICATION' }).click();
+  await page.getByRole('button', { name: 'Biometrics/Security Key' }).last().click();
+  await page.getByRole('button', { name: 'FIDO Authenticate' }).click();
+
+  const credentialsAfterAuth = await cdp.send('WebAuthn.getCredentials', {
+    authenticatorId,
+  });
+  await expect(credentialsAfterAuth.credentials).toHaveLength(1);
+
+  // Signature counter should have incremented after successful authentication/assertion
+  await expect(credentialsAfterAuth.credentials[0].signCount).toBeGreaterThan(initialSignCount);
+
+  // Verify we're back at home page if successful
+  await expect(page.getByText('FIDO2 Test Form')).toBeVisible();
+});