electron/docs
trop[bot] 2d943ef610 feat: support WebAuthn Touch ID platform authenticator on macOS (#51411)
* feat: support WebAuthn Touch ID platform authenticator on macOS

Adds `app.configureWebAuthn({ touchID: { keychainAccessGroup } })` to enable
the Secure Enclave platform authenticator for `navigator.credentials`.
Credentials are stored under the app-supplied keychain access group with a
per-session metadata secret that is generated on first use and persisted in
prefs.

Also introduces `ElectronAuthenticatorRequestClientDelegate` and wires it via
`ContentBrowserClient::GetWebAuthenticationRequestDelegate()` so that
discoverable-credential `get()` calls with multiple matches emit a new
`select-webauthn-account` session event instead of DCHECK-failing in the base
delegate. If no listener is registered (or the callback is invoked with no
credential), the request is cancelled with NotAllowedError rather than
silently auto-selecting.

Tests use the DevTools virtual authenticator so the account-selection flow is
exercised in CI without entitlements or real hardware.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: register request delegate as FidoRequestHandlerBase observer

The base AuthenticatorRequestClientDelegate::StartObserving() is a no-op, so
observer() on the request handler stayed null. MakeCredentialRequestHandler::
SpecializeRequestForAuthenticator dereferences observer()->SupportsPIN() when
residentKey is 'preferred', crashing with SEGV when a real FIDO2 HID key is
dispatched.

Override StartObserving/StopObserving to register via a ScopedObservation like
ChromeAuthenticatorRequestDelegate does. Added a virtual-authenticator
regression test for create() with residentKey: 'preferred'.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* chore: update copyright attribution for new webauthn files

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: address review feedback on webauthn account-select event

- Encode credentialId and userHandle as URL-safe base64 without padding so
  the values match PublicKeyCredential.id from navigator.credentials.get()
  byte-for-byte; tests now assert the equality rather than transcoding.
- Cancel the pending request when the listener invokes the callback with a
  credentialId that does not match any account, instead of leaving the
  request hanging while the listener retries. The TypeError still surfaces
  so the misuse remains visible to the developer.
- DCHECK that the Touch ID config helpers run on the UI thread, encoding
  the threading invariant the read-then-write metadata-secret pref relies
  on.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: oxfmt formatting in webauthn spec

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: use out-param form of base::Base64UrlEncode

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: silently cancel webauthn account select on unknown credentialId

Throwing back into the listener bubbles up as an unhandled exception in
the main process. Match the no-args branch exactly so the listener sees a
single consistent failure mode (cancel + NotAllowedError) whether it
declines deliberately or by mistake.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* chore: node script/lint.js --js --fix

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <sattard@anthropic.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>
2026-05-01 11:15:13 -04:00

Official Guides

Please make sure that you use the documents that match your Electron version. The version number should be a part of the page URL. If it's not, you are probably using the documentation of a development branch which may contain API changes that are not compatible with your Electron version. To view older versions of the documentation, you can browse by tag on GitHub by opening the "Switch branches/tags" dropdown and selecting the tag that matches your version.

FAQ

There are questions that are asked quite often. Check this out before creating an issue:

Guides and Tutorials

Getting started

Learning the basics

Advanced steps

Detailed Tutorials

These individual tutorials expand on topics discussed in the guide above.


API References

Custom Web Features:

Modules for the Main Process:

Modules for the Renderer Process (Web Page):

Modules for Both Processes:

Development

See development/README.md