Biometrics Simulation

Emuluxe allows you to test and verify WebAuthn and passkey flows by simulating native biometric authentication (Face ID and Touch ID) directly in the browser.

Overview

Testing biometric flows usually requires a physical device with a secure enclave. Emuluxe's Biometric Simulation Engine mocks the low-level Chromium WebAuthn responses, allowing you to:

• Verify that your application correctly triggers the biometric prompt.
• Test successful and failed authentication states.

• Audit the communication between your frontend and the backend authentication server.

How it Works

When you enable Biometrics in the Emuluxe panel, we inject a mock navigator.credentials implementation. This implementation intercepts calls to navigator.credentials.create and navigator.credentials.get.

Supported Modes

1. Simulated (Virtual Mode): A simulated prompt appears within the Emuluxe UI, allowing you to manually trigger "Success" or "Failure" to test your application logic. This is ideal for automated testing and CI/CD environments.

2. Host Device (Pass-through): Uses your computer's actual native biometrics (e.g., Touch ID on a MacBook) to sign the WebAuthn challenge. This is the most realistic mode and verifies that your signatures are valid for production deployment.

Setting Up Biometrics

1. Open the Emuluxe Extension on a site that supports WebAuthn (e.g., webauthn.io).
2. Navigate to the Security or Settings tab.
3. Toggle Enable Biometrics to ON.
4. Select your preferred Biometric Mode (Virtual or Host).
5. Trigger an authentication flow in your app.

Technical Details

Emuluxe uses a custom signature generator that adheres to the FIDO2 / WebAuthn specification. When using Host Pass-through, we utilize the browser's native PublicKeyCredential API but wrap it in our session tracker to ensures the telemetry is correctly associated with your Emuluxe account.

[!IMPORTANT] Biometric simulation is only available on Pro and Enterprise tiers. Free users are limited to basic viewport simulation.

Troubleshooting

• "A request is already pending": This usually happens if multiple tabs are trying to access the biometric API simultaneously. Ensure only one tab is actively simulating biometrics.
• Invalid Signatures: If your server rejects our virtual signatures, ensure you are not strictly validating the hardware AAGUID, as our virtual device uses a generic Emuluxe-signed identifier.