search

MasterKale / SimpleWebAuthn

WebAuthn, Simplified. A collection of TypeScript-first libraries for simpler WebAuthn integration. Supports modern browsers, Node, Deno, and more.
https://simplewebauthn.dev
MIT License
1.63k stars 137 forks source link

How to manually Abort startAuthentication () with browser autofill #322

Closed rj-david closed 1 year ago

rj-david commented 1 year ago

In a single page app, how can we abort the startAuthentication() with browser autofill if ever the user leaves the page without the promise being resolved?

MasterKale commented 1 year ago

There's currently no way to do that; @simplewebauthn/browser doesn't expose a way to manually abort a Conditional UI request. However, the next time your authentication page renders and calls startAuthentication() @simplewebauthn/browser will automatically abort the first autofill request via the internal WebAuthnAbortService:

https://github.com/MasterKale/SimpleWebAuthn/blob/master/packages/browser/src/helpers/webAuthnAbortService.ts#L12-L22

The same thing will happen if, on your login page, you call startAuthentication(..., true) to initialize autofill, but then allow the user to manually initiate WebAuthn auth via startAuthentication(...).

This is getting into the weeds a bit, though. Suffice to say I believe users like yourself can forget about managing abort signals and just let @simplewebauthn/browser manage this aspect of WebAuthn use.

rj-david commented 1 year ago

Thanks, @MasterKale, for the explanation. Wonderful project