In developing our passkey integration, I'm encountering unusual behavior in Chrome on Windows.
On my PC, when I register a new physical key, I see this Windows dialog.
When I enable the virtual authenticator environment in the Chrome Dev Tools, I get this Chrome dialog instead.
However, someone testing the application for me on another PC, without using the virtual authenticator environment, gets the Windows dialog first. If they click Cancel in the Windows dialog, then they get the Chrome dialog.
Is there anything I can do to nudge the browser towards delivering a more consistent experience? I'd rather always show the Chrome dialog if possible.
For reference, this is the virtual authenticator environment in the Chrome Dev Tools:
CodePudding user response:
The problem is that lots of enterprise users have to use a physical security key one or more times a day. So there's a strong desire not to put extra clicks in their way and thus to jump directly to the Windows system UI. But the Windows UI doesn't support using phones as authenticators, so sometimes the browser UI is needed, as hitting escape is quite non-discoverable.
Quite how that balance is struck has varied over time and might change again in the future. You can see the current logic here if you want to craft requests that trigger the browser UI. But the intent is that sites should do the obvious thing and the UI should be fairly reasonable.