Add passkey autofill

MackinnonBuck · MackinnonBuck · commit 29c008d8d0a3 · 2025-06-13T14:26:54.000-04:00
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Home.razor b/src/Identity/samples/IdentitySample.PasskeyUI/Components/Pages/Home.razor
@@ -10,6 +10,8 @@
 
 <h1>Welcome!</h1>
 
+<PageTitle>Passkey sample</PageTitle>
+
 <p>
     This app demonstrates how to use passkeys for authentication with ASP.NET Core Identity.
 </p>
@@ -27,12 +29,13 @@
 
 <form id="auth-form" method="post" @formname="auth" @onsubmit="OnSubmitAsync">
     <AntiforgeryToken />
-    <input type="text" id="input-username" name="Username" placeholder="username" autocomplete="username webauthn"/>
-    <hr />
-    <input type="hidden" id="input-credential" name="CredentialJson" />
-    <input type="hidden" id="input-action" name="Action" />
-    <button type="submit" id="input-register">Register</button>
-    <button type="submit" id="input-authenticate">Authenticate</button>
+    <div>
+        <input type="text" id="input-username" name="username" placeholder="Username" autocomplete="username webauthn" />
+    </div>
+    <div>
+        <button type="submit" name="action" value="register" id="input-register">Register</button>
+        <button type="submit" name="action" value="authenticate" id="input-authenticate">Authenticate</button>
+    </div>
 </form>
 
 <p id="status-message">@statusMessage</p>
@@ -43,13 +46,13 @@
     [CascadingParameter]
     private HttpContext HttpContext { get; set; } = default!;
 
-    [SupplyParameterFromForm]
+    [SupplyParameterFromForm(Name = "username")]
     private string? Username { get; set; }
 
-    [SupplyParameterFromForm]
+    [SupplyParameterFromForm(Name = "credential")]
     private string? CredentialJson { get; set; }
 
-    [SupplyParameterFromForm]
+    [SupplyParameterFromForm(Name = "action")]
     private string? Action { get; set; }
 
     private Task OnSubmitAsync()
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/Properties/launchSettings.json b/src/Identity/samples/IdentitySample.PasskeyUI/Properties/launchSettings.json
@@ -6,6 +6,7 @@
       "dotnetRunMessages": true,
       "launchBrowser": true,
       "applicationUrl": "http://localhost:5021",
+      "hotReloadEnabled": false,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
@@ -15,6 +16,7 @@
       "dotnetRunMessages": true,
       "launchBrowser": true,
       "applicationUrl": "https://localhost:7021;http://localhost:5021",
+      "hotReloadEnabled": false,
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
       }
diff --git a/src/Identity/samples/IdentitySample.PasskeyUI/wwwroot/app.js b/src/Identity/samples/IdentitySample.PasskeyUI/wwwroot/app.js
@@ -22,83 +22,100 @@
     }
 
     // Define home page JS functionality.
-    addRouteScript('/', () => {
+    addRouteScript('/', async () => {
+        let abortController;
         const form = document.getElementById('auth-form');
-        const usernameInput = document.getElementById('input-username');
-        const credentialInput = document.getElementById('input-credential');
-        const actionInput = document.getElementById('input-action');
-        const registerInput = document.getElementById('input-register');
-        const authenticateInput = document.getElementById('input-authenticate');
         const statusMessage = document.getElementById('status-message');
 
-        async function submitCredential(action, credentialCallback) {
-            statusMessage.textContent = 'Submitting...';
+        async function fetchNewCredential(username) {
+            if (!username) {
+                throw new Error('Please enter a username.');
+            }
+
+            const optionsResponse = await fetch('/attestation/options', {
+                method: 'POST',
+                body: JSON.stringify({
+                    username,
+                    authenticatorSelection: {
+                        residentKey: 'preferred',
+                    }
+                    // TODO: Allow configuration of other options.
+                }),
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                credentials: 'include',
+            });
+            const optionsJson = await optionsResponse.json();
+            const options = PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
+            abortController?.abort();
+            abortController = new AbortController();
+            return await navigator.credentials.create({
+                publicKey: options,
+                signal: abortController.signal,
+            });
+        }
+
+        async function fetchExistingCredential(username, useConditionalMediation) {
+            // The username is optional for authentication, so we don't validate it here.
+            const optionsResponse = await fetch('/assertion/options', {
+                method: 'POST',
+                body: JSON.stringify({
+                    username,
+                    // TODO: Allow configuration of other options.
+                }),
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                credentials: 'include',
+            });
+            const optionsJson = await optionsResponse.json();
+            const options = PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
+            abortController?.abort();
+            abortController = new AbortController();
+            return await navigator.credentials.get({
+                publicKey: options,
+                mediation: useConditionalMediation ? 'conditional' : undefined,
+                signal: abortController.signal,
+            });
+        }
+
+        async function fetchAndSubmitCredential(action, useConditionalMediation = false) {
             try {
-                var credential = await credentialCallback();
+                const username = new FormData(form).get('username');
+                let credential;
+                if (action === 'register') {
+                    credential = await fetchNewCredential(username);
+                } else if (action === 'authenticate') {
+                    credential = await fetchExistingCredential(username, useConditionalMediation);
+                } else {
+                    throw new Error('Unknown action: ' + action);
+                }
                 var credentialJson = JSON.stringify(credential);
-                credentialInput.value = credentialJson;
-                actionInput.value = action;
+                form.addEventListener('formdata', (e) => {
+                    e.formData.append('action', action);
+                    e.formData.append('credential', credentialJson);
+                }, { once: true });
                 form.submit();
             } catch (error) {
-                statusMessage.textContent = 'Error: ' + error.message;
-                throw error;
+                // Ignore abort errors, they are expected when the user cancels the operation.
+                if (error.name !== 'AbortError') {
+                    statusMessage.textContent = 'Error: ' + error.message;
+                    throw error;
+                }
             }
         }
 
-        registerInput.addEventListener('click', async (e) => {
-            e.preventDefault();
-
-            await submitCredential('register', async () => {
-                const username = usernameInput.value;
-                if (!username) {
-                    throw new Error('Please enter a username.');
-                }
-
-                const optionsResponse = await fetch('/attestation/options', {
-                    method: 'POST',
-                    body: JSON.stringify({
-                        username,
-                        authenticatorSelection: {
-                            residentKey: 'preferred',
-                        }
-                        // TODO: Allow configuration of other options.
-                    }),
-                    headers: {
-                        'Content-Type': 'application/json',
-                    },
-                    credentials: 'include',
-                });
-                const optionsJson = await optionsResponse.json();
-                const options = PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
-                const credential = await navigator.credentials.create({ publicKey: options });
-                return credential;
-            });
+        form.addEventListener('submit', (e) => {
+            if (e.submitter?.name == 'action') {
+                e.preventDefault();
+                fetchAndSubmitCredential(e.submitter.value);
+            }
         });
 
-        authenticateInput.addEventListener('click', async (e) => {
-            e.preventDefault();
-
-            await submitCredential('authenticate', async () => {
-                // The username is optional for authentication, so we don't validate it here.
-                const username = usernameInput.value;
-
-                const optionsResponse = await fetch('/assertion/options', {
-                    method: 'POST',
-                    body: JSON.stringify({
-                        username,
-                        // TODO: Allow configuration of other options.
-                    }),
-                    headers: {
-                        'Content-Type': 'application/json',
-                    },
-                    credentials: 'include',
-                });
-                const optionsJson = await optionsResponse.json();
-                const options = PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
-                const credential = await navigator.credentials.get({ publicKey: options });
-                return credential;
-            });
-        });
+        if (await PublicKeyCredential.isConditionalMediationAvailable()) {
+            await fetchAndSubmitCredential('authenticate', /* useConditionalMediation */ true);
+        }
     });
 
     enableRouteScripts();
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/Pages/Login.razor b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/Pages/Login.razor
@@ -24,7 +24,7 @@
                 <hr />
                 <ValidationSummary class="text-danger" role="alert" />
                 <div class="form-floating mb-3">
-                    <InputText @bind-Value="Input.Email" id="Input.Email" class="form-control" autocomplete="username" aria-required="true" placeholder="name@example.com" />
+                    <InputText @bind-Value="Input.Email" id="Input.Email" class="form-control" autocomplete="username webauthn" aria-required="true" placeholder="name@example.com" />
                     <label for="Input.Email" class="form-label">Email</label>
                     <ValidationMessage For="() => Input.Email" class="text-danger" />
                 </div>
diff --git a/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/Shared/PasskeySubmit.razor.js b/src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWeb-CSharp/Components/Account/Shared/PasskeySubmit.razor.js
@@ -1,4 +1,4 @@
-async function fetchWithErrorHandling(url, options = {}) {
+﻿async function fetchWithErrorHandling(url, options = {}) {
     const response = await fetch(url, {
         credentials: 'include',
         ...options
@@ -11,30 +11,33 @@ async function fetchWithErrorHandling(url, options = {}) {
     return response;
 }
 
-async function createCredential() {
+async function createCredential(signal) {
     const optionsResponse = await fetchWithErrorHandling('/Account/PasskeyCreationOptions', {
         method: 'POST',
+        signal,
     });
     const optionsJson = await optionsResponse.json();
     const options = PublicKeyCredential.parseCreationOptionsFromJSON(optionsJson);
-    return await navigator.credentials.create({ publicKey: options });
+    return await navigator.credentials.create({ publicKey: options, signal });
 }
 
-async function requestCredential(email) {
+async function requestCredential(email, mediation, signal) {
     const optionsResponse = await fetchWithErrorHandling(`/Account/PasskeyRequestOptions?username=${email}`, {
         method: 'POST',
+        signal,
     });
     const optionsJson = await optionsResponse.json();
     const options = PublicKeyCredential.parseRequestOptionsFromJSON(optionsJson);
-    return await navigator.credentials.get({ publicKey: options });
+    return await navigator.credentials.get({ publicKey: options, mediation, signal });
 }
 
+let passkeySubmitAbortController;
+
 customElements.define('passkey-submit', class extends HTMLElement {
     static formAssociated = true;
 
     connectedCallback() {
         this.internals = this.attachInternals();
-        this.isObtainingCredentials = false;
         this.attrs = {
             operation: this.getAttribute('operation'),
             name: this.getAttribute('name'),
@@ -44,37 +47,46 @@ customElements.define('passkey-submit', class extends HTMLElement {
         this.internals.form.addEventListener('submit', (event) => {
             if (event.submitter?.name === '__passkeySubmit') {
                 event.preventDefault();
-                this.obtainCredentialAndReSubmit();
+                this.obtainCredentialAndSubmit();
             }
         });
-    }
 
-    async obtainCredentialAndReSubmit() {
-        if (this.isObtainingCredentials) {
-            return;
-        }
+        this.tryAutofillPasskey();
+    }
 
-        this.isObtainingCredentials = true;
+    async obtainCredentialAndSubmit(useConditionalMediation = false) {
+        passkeySubmitAbortController?.abort();
+        passkeySubmitAbortController = new AbortController();
+        const signal = passkeySubmitAbortController.signal;
         const formData = new FormData();
         try {
             let credential;
             if (this.attrs.operation === 'Create') {
-                credential = await createCredential();
+                credential = await createCredential(signal);
             } else if (this.attrs.operation === 'Request') {
                 const email = new FormData(this.internals.form).get(this.attrs.emailName);
-                credential = await requestCredential(email);
+                const mediation = useConditionalMediation ? 'conditional' : undefined;
+                credential = await requestCredential(email, mediation, signal);
             } else {
                 throw new Error(`Unknown passkey operation '${operation}'.`);
             }
             const credentialJson = JSON.stringify(credential);
             formData.append(`${this.attrs.name}.CredentialJson`, credentialJson);
         } catch (error) {
+            if (error.name === 'AbortError') {
+                // Canceled by user action, do not submit the form
+                return;
+            }
             formData.append(`${this.attrs.name}.Error`, error.message);
             console.error(error);
-        } finally {
-            this.isObtainingCredentials = false;
         }
         this.internals.setFormValue(formData);
         this.internals.form.submit();
     }
+
+    async tryAutofillPasskey() {
+        if (this.attrs.operation === 'Request' && await PublicKeyCredential.isConditionalMediationAvailable()) {
+            await this.obtainCredentialAndSubmit(/* useConditionalMediation */ true);
+        }
+    }
 });
