-
-
Notifications
You must be signed in to change notification settings - Fork 157
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Full Integration Testing (in dotnet, preferably) #200
Comments
Did you see the demo site? It's the code behind https://passwordless.dev. Or maybe I am misunderstanding the question. |
I think you are - I require a dotnet api which implements a FIDO2 authenticator (the client's side of things), and can easily be combined with dotnet's HttpClient. Testing non-passwordless web apis with simulated user agents are straightforward (POST to the login endpoint with the correct credentials, extract cookie/token), but with FIDO2's cryptographic handshake it is not. https://passwordless.dev is a nice demo for a server project, but I didn't find any tests that covered the entire registration->login->logout workflow with a "real" webauthn client. |
Depending on how you define "real" that would be difficult, since a "real" Authenticator needs to verify User Presence etc. Our unit test does test assertion with pre-determined payloads, you could have a look on those and see if it would be suitable. I haven't seen a .net software Authenticator, but then I haven't really looked. |
I am considering using webauthn/fido2-net-lib for a project, but I couldn't find documentation that covers whether I can fully test the registration/login flow with a real user agent. Can I do that more or less easily, preferably with a normal dotnet HttpClient?
The text was updated successfully, but these errors were encountered: