We use cookies to analyze site traffic and show personalized ads. You can accept all cookies or decline personalized advertising.
Learn more in our Privacy Policy.
Simulate hardware security keys (WebAuthn) for passwordless login testing.
Testing Two-Factor Authentication (2FA) or Biometrics usually requires physical hardware. Selenium 4 introduces the Virtual Authenticator API to simulate these devices (like YubiKeys or TouchID) directly in the browser.
A web standard for secure authentication using public key cryptography. It replaces passwords with more secure credentials like biometrics or security keys.
Selenium can create a "Virtual Authenticator" attached to the browser session. You can configure it to simulate user consent, verification, and protocol types (CTAP2, U2F).
Click the button to trigger the WebAuthn request. Selenium will intercept this!
1234567891011121314151617181920HasVirtualAuthenticator virtualAuthManager = (HasVirtualAuthenticator) driver;
VirtualAuthenticatorOptions options = new VirtualAuthenticatorOptions()
.setProtocol(VirtualAuthenticatorOptions.Protocol.CTAP2)
.setTransport(VirtualAuthenticatorOptions.Transport.USB)
.setHasResidentKey(true)
.setHasUserVerification(true)
.setIsUserVerified(true)
.setIsUserConsenting(true);
VirtualAuthenticator authenticator =
virtualAuthManager.addVirtualAuthenticator(options);
driver.findElement(By.id("checkAuthBtn")).click();
System.out.println("Result: " + driver.findElement(By.id("authStatus")).getText());
virtualAuthManager.removeVirtualAuthenticator(authenticator);
driver.quit();Treat the virtual authenticator like any other test fixture: create → use → remove in the same test.
Always verify both success (with virtual key) and failure (without it) to fully test your flow.
Remember: WebAuthn only works on HTTPS or localhost and mainly in Chromium-based browsers.