Method Detail

• enableFidoWebauthn

   final static Boolean enableFidoWebauthn(WebView $self, CoroutineScope coroutineScope, FidoClient fidoClient, WebViewClient webViewClient)

  Enables FIDO WebAuthn support for this WebView, allowing web pages to perform WebAuthn credential creation and assertion operations using a FIDO security key.

  This function configures the WebView to intercept navigator.credentials.create() and navigator.credentials.get() JavaScript calls, routing them through the provided FidoClient for hardware-backed authentication.

  Configuration performed:

  • Enables JavaScript execution on the WebView

  • Registers a androidx.webkit.WebViewCompat.WebMessageListener to handle WebAuthn requests with per-message origin verification and frame isolation

  • Sets a custom android.webkit.WebViewClient to inject the polyfill on each page load

  Security:

  • Only HTTPS origins are permitted; requests from non-HTTPS pages are rejected

  • Requests from subframes (iframes) are rejected by the WebView message listener

  • Origin attribution uses the per-message sourceOrigin provided by the WebView, not the top-level page URL

  • Only one WebAuthn request can be in progress at a time

  • If the WebView implementation does not support androidx.webkit.WebViewFeature.WEB_MESSAGE_LISTENER, the bridge is not enabled and this method returns false (fail-closed)

  HTTP Authentication: The WebView will display a dialog for HTTP Basic authentication challenges.

  Parameters:

  coroutineScope - The CoroutineScope used to launch coroutines for handling WebAuthn operations and HTTP authentication dialogs.

  fidoClient - The FidoClient instance used to perform credential creation (FidoClient.makeCredential) and assertion (FidoClient.getAssertion) operations.

  webViewClient - An optional custom WebViewClient to be chained with the internal WebViewClient that handles FIDO polyfill injection.