WebAuthn / passkeys support in Android WebView

[mahnunchik]

Feature Request

The Web Authentication API (WebAuthn) is an extension of the Credential Management API that enables strong authentication with public key cryptography, enabling passwordless authentication and secure multi-factor authentication (MFA) without SMS texts.

https://developer.mozilla.org/en-US/docs/Web/API/Web_Authentication_API

Motivation Behind Feature

Android WebView does not support WebAuthn due to some strange security reasons. The browser supports it, but the embedded WebView does not. Strange, but okay. Correct me if I'm wrong.

It would be great to add support for hardware security keys (passkeys, FIDO-authenticator) in Cordova applications.

Feature Description

According to Google's documentation Authenticate users with WebView, support can be added, but it's necessary to implement support in native Android code.

Maybe someone has already developed a plugin? I couldn't find one.

Alternatives or Workarounds

Authentication can be performed by opening the remote page in the in-app browser. WebAuthn works in it...

[breautek]

This will be better integrated via a cordova plugin rather than in a core framework component.

If the plugin needs a new API for implementation, then a feature request could be made for that, but glancing over the android docs, the core framework should be able to provide everything it needs.

Big part of their documentation and how-to example is building a communication bridge between the webview and native environment, which Cordova already has. So it's a matter of implementation the public API as defined in the W3C spec (so that maybe one day the plugin won't be necessary, and the plugin can be removed without changing any app code using the API).

Additional Resources:

• Plugin Creation Guide