barycenter/tests/tools/README.md

# WebAuthn Fixture Capture Tool

This tool captures real WebAuthn responses from your authenticator for use in integration tests.

## Prerequisites

1. Start Barycenter server:
   ```bash
   cargo run
   ```

2. Create a test user (if not already exists):
   ```bash
   # The default admin user should work (admin/password123)
   ```

## Usage

1. Open `capture_webauthn_fixture.html` in your browser:
   ```bash
   open tests/tools/capture_webauthn_fixture.html
   # or
   firefox tests/tools/capture_webauthn_fixture.html
   ```

2. Click "Login to Server" to authenticate

3. Click "Capture Registration Fixture" to register a new passkey
   - Your browser will prompt you to use your authenticator
   - Use TouchID, Windows Hello, or a USB security key

4. Copy the JSON output and save to `tests/fixtures/`

## Fixture Types

### Hardware-Bound Passkey
- **File**: `hardware_key_registration.json`
- **Device**: USB security key (YubiKey, etc.)
- **Characteristics**:
  - `backup_eligible`: false
  - `backup_state`: false
  - AMR: `["hwk"]`

### Cloud-Synced Passkey
- **File**: `cloud_synced_passkey.json`
- **Device**: TouchID (macOS), Windows Hello, iCloud Keychain
- **Characteristics**:
  - `backup_eligible`: true
  - `backup_state`: true
  - AMR: `["swk"]`

## Captured Data

Each fixture contains:
- **challenge_response**: The initial challenge from the server
- **credential_response**: The credential created by the authenticator
- **server_response**: The server's verification response (registration only)
- **metadata**: Capture timestamp, authenticator type, user agent

## Using Fixtures in Tests

```rust
use crate::helpers::load_fixture;

#[tokio::test]
async fn test_passkey_registration() {
    let fixture = load_fixture("hardware_key_registration");
    // Use fixture.challenge_response and fixture.credential_response in tests
}
```

## Tips

- **Multiple Devices**: Capture fixtures from different authenticator types (hardware vs platform)
- **Fresh Captures**: If the server's JWKS changes, you may need to recapture fixtures
- **Counter Values**: Each authentication increments the counter - recapture if needed for specific counter tests
Implement more tests Signed-off-by: Till Wegmueller <toasterson@gmail.com> 2026-01-06 12:39:19 +01:00			`# WebAuthn Fixture Capture Tool`

			`This tool captures real WebAuthn responses from your authenticator for use in integration tests.`

			`## Prerequisites`

			`1. Start Barycenter server:`
			```bash
			`cargo run`
			```

			`2. Create a test user (if not already exists):`
			```bash
			`# The default admin user should work (admin/password123)`
			```

			`## Usage`

			1. Open `capture_webauthn_fixture.html` in your browser:
			```bash
			`open tests/tools/capture_webauthn_fixture.html`
			`# or`
			`firefox tests/tools/capture_webauthn_fixture.html`
			```

			`2. Click "Login to Server" to authenticate`

			`3. Click "Capture Registration Fixture" to register a new passkey`
			`- Your browser will prompt you to use your authenticator`
			`- Use TouchID, Windows Hello, or a USB security key`

			4. Copy the JSON output and save to `tests/fixtures/`

			`## Fixture Types`

			`### Hardware-Bound Passkey`
			- File: `hardware_key_registration.json`
			`- Device: USB security key (YubiKey, etc.)`
			`- Characteristics:`
			- `backup_eligible`: false
			- `backup_state`: false
			- AMR: `["hwk"]`

			`### Cloud-Synced Passkey`
			- File: `cloud_synced_passkey.json`
			`- Device: TouchID (macOS), Windows Hello, iCloud Keychain`
			`- Characteristics:`
			- `backup_eligible`: true
			- `backup_state`: true
			- AMR: `["swk"]`

			`## Captured Data`

			`Each fixture contains:`
			`- challenge_response: The initial challenge from the server`
			`- credential_response: The credential created by the authenticator`
			`- server_response: The server's verification response (registration only)`
			`- metadata: Capture timestamp, authenticator type, user agent`

			`## Using Fixtures in Tests`

			```rust
			`use crate::helpers::load_fixture;`

			`#[tokio::test]`
			`async fn test_passkey_registration() {`
			`let fixture = load_fixture("hardware_key_registration");`
			`// Use fixture.challenge_response and fixture.credential_response in tests`
			`}`
			```

			`## Tips`

			`- Multiple Devices: Capture fixtures from different authenticator types (hardware vs platform)`
			`- Fresh Captures: If the server's JWKS changes, you may need to recapture fixtures`
			`- Counter Values: Each authentication increments the counter - recapture if needed for specific counter tests`