Skip to content

Add SpanContext support to PasskeyWebListener and WebViewAuthorizationFragment, Fixes AB#3470497 #2850

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
p3dr0rv wants to merge 6 commits into from
Closed

Add SpanContext support to PasskeyWebListener and WebViewAuthorizationFragment, Fixes AB#3470497 #2850

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
79cd570
Add SpanContext support to PasskeyWebListener and WebViewAuthorizatio…
p3dr0rv Dec 31, 2025
c4fe69f
Add SpanContext support to PasskeyWebListener and WebViewAuthorizatio…
p3dr0rv Dec 31, 2025
5475353
kdoc
p3dr0rv Dec 31, 2025
a578feb
Make spanContext parameter optional in PasskeyWebListener and update …
p3dr0rv Dec 31, 2025
e465deb
Fix spanContext retrieval in WebViewAuthorizationFragment to use requ…
p3dr0rv Dec 31, 2025
590c850
Merge branch 'dev' into pedroro/passkey-spancontext
p3dr0rv Jan 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
vNext
----------
- [MINOR] Add SpanContext support to PasskeyWebListener and WebViewAuthorizationFragment (#2850)
- [MINOR] Add additional allowed origins for PasskeyWebListener (#2839)
- [PATCH] Add JavascriptInterface rules to consumer proguard rules (#2837)
- [MINOR] Add optimized saveAndLoadAggregatedAccountData method in BrokerOAuth2TokenCache (#2832)
Expand Down
19 changes: 15 additions & 4 deletions ...c/main/java/com/microsoft/identity/common/internal/providers/oauth2/PasskeyWebListener.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,7 @@ import com.microsoft.identity.common.BuildConfig
import com.microsoft.identity.common.internal.ui.webview.AzureActiveDirectoryWebViewClient
import com.microsoft.identity.common.java.exception.ClientException
import com.microsoft.identity.common.logging.Logger
import io.opentelemetry.api.trace.SpanContext
import kotlinx.coroutines.CoroutineScope
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.launch
Expand All @@ -55,6 +56,7 @@ import java.util.concurrent.atomic.AtomicBoolean
class PasskeyWebListener(
private val coroutineScope: CoroutineScope,
private val credentialManagerHandler: CredentialManagerHandler,
private val spanContext: SpanContext?
) : WebViewCompat.WebMessageListener {

/** Tracks if a WebAuthN request is currently pending. Only one request is allowed at a time. */
Expand Down Expand Up @@ -106,7 +108,11 @@ class PasskeyWebListener(
methodTag,
"Received WebAuthN request of type: ${webAuthNMessage.type} from origin: $sourceOrigin"
)
val passkeyReplyChannel = PasskeyReplyChannel(javaScriptReplyProxy, webAuthNMessage.type)
val passkeyReplyChannel = PasskeyReplyChannel(
Copy link
Contributor

@melissaahn melissaahn Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where is spanContext then being used to parent the new span?

replyProxy = javaScriptReplyProxy,
requestType = webAuthNMessage.type,
spanContext = spanContext
)

// Only allow one request at a time.
if (havePendingRequest.get()) {
Expand Down Expand Up @@ -228,7 +234,10 @@ class PasskeyWebListener(
messageData: String?,
javaScriptReplyProxy: JavaScriptReplyProxy
): WebAuthNMessage? {
val passkeyReplyChannel = PasskeyReplyChannel(javaScriptReplyProxy)
val passkeyReplyChannel = PasskeyReplyChannel(
replyProxy = javaScriptReplyProxy,
spanContext = spanContext
)
return runCatching {
if (messageData.isNullOrBlank()) {
throw ClientException(ClientException.MISSING_PARAMETER, "Message data is null or blank")
Expand Down Expand Up @@ -306,7 +315,8 @@ class PasskeyWebListener(
fun hook(
webView: WebView,
activity: Activity,
webClient: AzureActiveDirectoryWebViewClient
webClient: AzureActiveDirectoryWebViewClient,
spanContext: SpanContext?
): Boolean {
val methodTag = "$TAG:hook"

Expand All @@ -330,7 +340,8 @@ class PasskeyWebListener(
PasskeyOriginRulesManager.getAllowedOriginRules(),
PasskeyWebListener(
coroutineScope = CoroutineScope(Dispatchers.Default),
credentialManagerHandler = CredentialManagerHandler(activity)
credentialManagerHandler = CredentialManagerHandler(activity),
spanContext = spanContext
)
)

Expand Down
3 changes: 2 additions & 1 deletion ...com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -490,7 +490,8 @@ private void setupPasskeyWebListener(@NonNull final WebView webView,
final String methodTag = TAG + ":setupPasskeyWebListener";
final String passkeyProtocolHeader = mRequestHeaders.get(FidoConstants.PASSKEY_PROTOCOL_HEADER_NAME);
if (FidoConstants.PASSKEY_PROTOCOL_HEADER_AUTH_AND_REG.equals(passkeyProtocolHeader)) {
final boolean passkeyWebListenerHooked = PasskeyWebListener.hook(webView, requireActivity(), webViewClient);
final SpanContext spanContext = getActivity() instanceof AuthorizationActivity ? ((AuthorizationActivity) getActivity()).getSpanContext() : null;
final boolean passkeyWebListenerHooked = PasskeyWebListener.hook(webView, requireActivity(), webViewClient, spanContext);
if (!passkeyWebListenerHooked) {
Logger.warn(methodTag, "PasskeyWebListener hook failed, Downgrading to auth only.");
// Downgrade to auth only
Expand Down
Loading