[EC-598] feat: add rudimentary support for excluded credentials

apps/browser/src/services/fido2/browser-fido2-user-interface.service.ts

@@ -75,6 +75,10 @@ export type BrowserFido2Message = { sessionId: string } & (
       type: "ConfirmNewNonDiscoverableCredentialResponse";
       cipherId: string;
     }
+  | {
+      type: "InformExcludedCredentialRequest";
+      existingCipherIds: string[];
+    }
   | {
       type: "AbortRequest";
     }
@@ -222,12 +226,15 @@ export class BrowserFido2UserInterfaceSession implements Fido2UserInterfaceSessi
     return response.cipherId;
   }
 
-  informExcludedCredential(
-    existingCipherIds: string[],
-    newCredential: NewCredentialParams,
-    abortController?: AbortController
-  ): Promise<void> {
-    return null;
+  async informExcludedCredential(existingCipherIds: string[]): Promise<void> {
+    const data: BrowserFido2Message = {
+      type: "InformExcludedCredentialRequest",
+      sessionId: this.sessionId,
+      existingCipherIds,
+    };
+
+    await this.send(data);
+    await this.receive("AbortResponse");
   }
 
   private async send(msg: BrowserFido2Message): Promise<void> {

apps/browser/src/webauthn/popup/fido2/fido2.component.html

@@ -37,6 +37,18 @@
       </div>
       <button type="button" class="btn btn-outline-secondary" (click)="confirmNew()">Create</button>
     </ng-container>
+    <ng-container *ngIf="data.type == 'InformExcludedCredentialRequest'">
+      A passkey already exists in Bitwarden for this account
+      <div class="box list">
+        <div class="box-content">
+          <app-cipher-row
+            *ngFor="let cipher of ciphers"
+            [cipher]="cipher"
+            (onSelected)="pick(cipher)"
+          ></app-cipher-row>
+        </div>
+      </div>
+    </ng-container>
     <button type="button" class="btn btn-outline-secondary" (click)="abort(true)">
       Use browser built-in
     </button>

apps/browser/src/webauthn/popup/fido2/fido2.component.ts

@@ -85,6 +85,13 @@ export class Fido2Component implements OnInit, OnDestroy {
             this.ciphers = (await this.cipherService.getAllDecrypted()).filter(
               (cipher) => cipher.type === CipherType.Login && !cipher.isDeleted
             );
+          } else if (data?.type === "InformExcludedCredentialRequest") {
+            this.ciphers = await Promise.all(
+              data.existingCipherIds.map(async (cipherId) => {
+                const cipher = await this.cipherService.get(cipherId);
+                return cipher.decrypt();
+              })
+            );
           }
         }),
         takeUntil(this.destroy$)

libs/common/src/webauthn/abstractions/fido2-user-interface.service.abstraction.ts

@@ -39,7 +39,6 @@ export abstract class Fido2UserInterfaceSession {
   ) => Promise<string | undefined>;
   informExcludedCredential: (
     existingCipherIds: string[],
-    newCredential: NewCredentialParams,
     abortController?: AbortController
   ) => Promise<void>;
 }

libs/common/src/webauthn/services/fido2-authenticator.service.ts

@@ -65,11 +65,8 @@ export class Fido2AuthenticatorService implements Fido2AuthenticatorServiceAbstr
     const isExcluded = await this.vaultContainsCredentials(params.excludeCredentialDescriptorList);
     if (isExcluded) {
       await userInterfaceSession.informExcludedCredential(
-        [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
-        {
-          credentialName: params.rpEntity.name,
-          userName: params.userEntity.displayName,
-        },
+        // [Utils.guidToStandardFormat(params.excludeCredentialDescriptorList[0].id)],
+        [],
         abortController
       );