Is your feature request related to a problem? Please describe.
Over the past year or so, I've steadily found myself abandoning traditional authentication like username/password and even magic links in favour of WebAuthn passkeys.
As someone who builds lots of side-projects, the simplicity of not having to integrate with a mail provider, monitor deliverability, handle PII & GDPR compliance etc is huge, and the convenience of rapid registration + logins with native keychain integration is awesome for my users.
The only snag is my otherwise smooth transition is that I can't get AI to perform explorative testing and verification on authenticated pages through the Chrome DevTools MCP. The passkey creation/selection dialogs are completely invisible to the agent, so it hits a wall. I have to manually keep an eye on the browser window, catch the request in time, and register/approve etc.
Describe the solution you'd like
I would like the Chrome DevTools MCP to expose the WebAuthn affordances already present in the CDP/Playwright so the agent can enable virtual authentication, manage authenticators and manage credentials.
Describe alternatives you've considered
The main alternative has been manually interacting with the Webauthn dialogs, which makes me a bottleneck to agentic work.
I believe I could also use Playwright, either as a library with hard-coded scripts, or as an MCP, but frankly, the Chrome DevTools MCP is better, and I don't want to use both.
Additional context
I sketched out an implementation (#823) a few weeks ago that does everything I need it to do (I used it to do extensive verification on a project I was involved in at the time).
I'm currently using that local fork, but would like to contribute the capability back to the project.
I've tried to make that PR conform as well as possible to project patterns and conventions, but I appreciate that just dropping a PR with no conversation isn't necessarily helpful.
I'm not precious about how the functionality is achieved, I'm just invested in having it work (one of my projects is a WebAuthn-only IdP!), so please let me know what I need to do to get this implemented in a way that you'd be happy to merge :)
Thanks in advance,
Ed
Is your feature request related to a problem? Please describe.
Over the past year or so, I've steadily found myself abandoning traditional authentication like username/password and even magic links in favour of WebAuthn passkeys.
As someone who builds lots of side-projects, the simplicity of not having to integrate with a mail provider, monitor deliverability, handle PII & GDPR compliance etc is huge, and the convenience of rapid registration + logins with native keychain integration is awesome for my users.
The only snag is my otherwise smooth transition is that I can't get AI to perform explorative testing and verification on authenticated pages through the Chrome DevTools MCP. The passkey creation/selection dialogs are completely invisible to the agent, so it hits a wall. I have to manually keep an eye on the browser window, catch the request in time, and register/approve etc.
Describe the solution you'd like
I would like the Chrome DevTools MCP to expose the WebAuthn affordances already present in the CDP/Playwright so the agent can enable virtual authentication, manage authenticators and manage credentials.
Describe alternatives you've considered
The main alternative has been manually interacting with the Webauthn dialogs, which makes me a bottleneck to agentic work.
I believe I could also use Playwright, either as a library with hard-coded scripts, or as an MCP, but frankly, the Chrome DevTools MCP is better, and I don't want to use both.
Additional context
I sketched out an implementation (#823) a few weeks ago that does everything I need it to do (I used it to do extensive verification on a project I was involved in at the time).
I'm currently using that local fork, but would like to contribute the capability back to the project.
I've tried to make that PR conform as well as possible to project patterns and conventions, but I appreciate that just dropping a PR with no conversation isn't necessarily helpful.
I'm not precious about how the functionality is achieved, I'm just invested in having it work (one of my projects is a WebAuthn-only IdP!), so please let me know what I need to do to get this implemented in a way that you'd be happy to merge :)
Thanks in advance,
Ed