Full Integration Testing (in dotnet, preferably)

[Trolldemorted]

I am considering using webauthn/fido2-net-lib for a project, but I couldn't find documentation that covers whether I can fully test the registration/login flow with a real user agent. Can I do that more or less easily, preferably with a normal dotnet HttpClient?

[aseigler]

Did you see the demo site? It's the code behind https://passwordless.dev. Or maybe I am misunderstanding the question.

[Trolldemorted]

I think you are - I require a dotnet api which implements a FIDO2 authenticator (the client's side of things), and can easily be combined with dotnet's HttpClient. Testing non-passwordless web apis with simulated user agents are straightforward (POST to the login endpoint with the correct credentials, extract cookie/token), but with FIDO2's cryptographic handshake it is not.

https://passwordless.dev is a nice demo for a server project, but I didn't find any tests that covered the entire registration->login->logout workflow with a "real" webauthn client.

[abergs]

Depending on how you define "real" that would be difficult, since a "real" Authenticator needs to verify User Presence etc.

Our unit test does test assertion with pre-determined payloads, you could have a look on those and see if it would be suitable.

I haven't seen a .net software Authenticator, but then I haven't really looked.