You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat(webauthn): include credentials in storageState
Capture the context's virtual WebAuthn credentials with
`storageState({ credentials: true })`, and restore them (installing the
authenticator) when a storage state is supplied via the `storageState`
option or `setStorageState`.
Set to `true` to include the context's virtual WebAuthn [`property: BrowserContext.credentials`] (passkeys) in the storage
1574
+
state snapshot. The captured credentials carry their private keys, so they can be re-seeded into a later context via the
1575
+
[`option: Browser.newContext.storageState`] option or [`method: BrowserContext.setStorageState`].
1576
+
Note that restoring the storage state that contains credentials will automatically install the virtual WebAuthn authenticator (see [`method: Credentials.install`]), and prevent all real authenticators from working in this context.
1577
+
1569
1578
## async method: BrowserContext.setStorageState
1570
1579
* since: v1.59
1571
1580
1572
-
Clears the existing cookies, local storage and IndexedDB entries for all origins and sets the new storage state.
1581
+
Clears the existing cookies, local storage, IndexedDB entries and virtual WebAuthn credentials, and sets the new storage
1582
+
state. When the storage state contains credentials, the virtual WebAuthn authenticator is installed (equivalent to
1583
+
[`method: Credentials.install`]), preventing all real authenticators from working in this context.
Copy file name to clipboardExpand all lines: docs/src/api/class-credentials.md
+10-5Lines changed: 10 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,14 +5,15 @@
5
5
register passkeys and answer `navigator.credentials.create()` / `navigator.credentials.get()`
6
6
ceremonies in the page, without a real authenticator or hardware security key.
7
7
8
-
There are two common ways to use it:
8
+
There are three common ways to use it:
9
9
10
10
-**Seed a known credential.** The passkey already exists — for example, your backend provisioned
11
11
it for a test user. Import it with [`method: Credentials.create`] so the app under test can sign
12
12
in right away. See the first example below.
13
13
-**Capture a credential, then reuse it.** Let the app register a passkey once in a setup test,
14
-
read it back with [`method: Credentials.get`], and seed it into later tests — the same way
15
-
[`method: BrowserContext.storageState`] reuses signed-in state. See the second example below.
14
+
read it back with [`method: Credentials.get`], and seed it into later tests. See the second example below.
15
+
-**Save credentials in the storage state, restore later.** Let the app register a passkey in a
16
+
setup test and save it as part of the storage state by setting [`option: BrowserContext.storageState.credentials`]. See [authentication guide](../auth.md) for examples.
Copy file name to clipboardExpand all lines: docs/src/auth.md
+3-71Lines changed: 3 additions & 71 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -271,9 +271,9 @@ existing authentication state instead.
271
271
Playwright provides a way to reuse the signed-in state in the tests. That way you can log
272
272
in only once and then skip the log in step for all of the tests.
273
273
274
-
Web apps use cookie-based or token-based authentication, where authenticated state is stored as [cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies), in [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Storage) or in [IndexedDB](https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API). Playwright provides [`method: BrowserContext.storageState`] method that can be used to retrieve storage state from authenticated contexts and then create new contexts with prepopulated state.
274
+
Web apps use cookie-based or token-based authentication, where authenticated state is stored as [cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies), in [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Storage), in [IndexedDB](https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API), or as passkeys ([WebAuthn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API) credentials). Playwright provides [`method: BrowserContext.storageState`] method that can be used to retrieve storage state from authenticated contexts and then create new contexts with prepopulated state.
275
275
276
-
Cookies, local storageand IndexedDB state can be used across different browsers. They depend on your application's authentication model which may require some combination of cookies, local storageor IndexedDB.
276
+
Cookies, local storage, IndexedDB and virtual WebAuthn credentials (passkeys) can be used across different browsers. They depend on your application's authentication model which may require some combination of cookies, local storage, IndexedDB or passkeys.
277
277
278
278
The following code snippet retrieves state from an authenticated context and creates a new context with that state.
- Your app signs users in with passkeys (WebAuthn), and you want tests to start already enrolled.
405
-
406
-
**Details**
407
-
408
-
[`property: BrowserContext.credentials`] is a virtual WebAuthn authenticator. Unlike cookie or local storage state, a passkey is seeded **imperatively** with [`method: Credentials.create`] and [`method: Credentials.install`], so it lives in a [`context` fixture override](./test-fixtures.md#overriding-fixtures) rather than in the `storageState` config option.
409
-
410
-
If your backend already provisioned a passkey for the test user, seed it directly — no setup project required:
411
-
412
-
```js title="playwright/fixtures.ts"
413
-
import { testasbaseTest } from'@playwright/test';
414
-
export*from'@playwright/test';
415
-
416
-
exportconsttest=baseTest.extend({
417
-
context:async ({ context }, use) => {
418
-
// A passkey your backend provisioned for the test user.
419
-
awaitcontext.credentials.create('example.com', {
420
-
id:process.env.PASSKEY_ID,
421
-
userHandle:process.env.PASSKEY_USER_HANDLE,
422
-
privateKey:process.env.PASSKEY_PRIVATE_KEY,
423
-
publicKey:process.env.PASSKEY_PUBLIC_KEY,
424
-
});
425
-
awaitcontext.credentials.install();
426
-
awaituse(context);
427
-
},
428
-
});
429
-
```
430
-
431
-
Otherwise, let the app register a passkey once in a [setup project](#basic-shared-account-in-all-tests), capture it with [`method: Credentials.get`], and save it to disk:
Declare the `setup` project as a [dependency](./test-projects.md#dependencies) of your testing projects, just like in the [basic flow](#basic-shared-account-in-all-tests). The saved `passkey.json` contains a private key, so keep it under `playwright/.auth` and out of source control (see [Core concepts](#core-concepts)).
Reusing authenticated state covers [cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies), [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Storage) and [IndexedDB](https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API) based authentication. Rarely, [session storage](https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage) is used for storing information associated with the signed-in state. Session storage is specific to a particular domain and is not persisted across page loads. Playwright does not provide API to persist session storage, but the following snippet can be used to save/load session storage.
591
+
Reusing authenticated state covers [cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies), [local storage](https://developer.mozilla.org/en-US/docs/Web/API/Storage), [IndexedDB](https://developer.mozilla.org/en-US/docs/Web/API/IndexedDB_API) and passkey ([WebAuthn](https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API)) based authentication. Rarely, [session storage](https://developer.mozilla.org/en-US/docs/Web/API/Window/sessionStorage) is used for storing information associated with the signed-in state. Session storage is specific to a particular domain and is not persisted across page loads. Playwright does not provide API to persist session storage, but the following snippet can be used to save/load session storage.
0 commit comments