We are using a 3rd party application to authenticate our users before they login to carry out transactions with our product. The authentication is tightly coupled with our backend as we verify the login creds at backend . We use webdriverIO for our end to end tests. We would like to run our end to end tests replicate the real world scenario as close as possible.
Is there a way to emulate authentication simulators for Passkey based authentication? or what are a few strategies used by companies out there?
We tried using a stub for skipping the authentication process, but it did not feel safe/secure to us. We asked the 3rd party authentication providers for test accounts. They do not have/support any test accounts yet.
As far as browser automation goes Chromium based browsers have an inbuilt virtual authenticator you can enable during your tests. To activate this feature, you need to use commands from the Chrome DevTools Protocol (CDP) when running your test. Although I haven't personally used WebdriverIO, this tool likely follows a similar process for enabling the virtual authenticator.
It looks like they have an in built command for it. You may need to tweak the parameters depending on what the 3rd party authentication provider accepts as a relying party.
https://webdriver.io/docs/api/webdriver#addvirtualauthenticator
If that doesn't work then, you may need to interact with CDP directly then.
Also I think its okay to stub out your authentication during automation and leave it as a few manual tests. Keep in mind that this is just a simulation of an authenticator, similar to what might be used in a real-world scenario. However, it's not the same as using actual security features like Windows Hello or Apple's authenticator.