Infer passkey display name from AAGUID

[MackinnonBuck]

Infer passkey display name from AAGUID

Summary

This PR improves the passkey user experience in the Blazor Web App project template by automatically inferring display names for passkeys based on their AAGUID (Authenticator Attestation GUID).

Fixes #63630

Changes

Framework (Microsoft.AspNetCore.Identity)

• Added Aaguid property (byte[]?) to UserPasskeyInfo and IdentityPasskeyData to persist the authenticator's AAGUID
• Updated PasskeyHandler to extract the AAGUID during passkey attestation
• Updated EF Core mappings to include the new property (no schema migration required since IdentityPasskeyData uses a JSON column)

Blazor Web App Template

• Added PasskeyAuthenticators.cs which maps known AAGUIDs to friendly authenticator names
• Updated Passkeys.razor to display inferred names and creation dates for each passkey
• For known authenticators, the name is automatically assigned without prompting the user
• For unknown authenticators, the user is still redirected to the rename page

Supported Authenticators

The template includes mappings for the top 5 most commonly used passkey authenticators:

• Google Password Manager
• iCloud Keychain
• Windows Hello
• 1Password
• Bitwarden

Developers can easily add more authenticators by extending the dictionary in PasskeyAuthenticators.cs.

Demo

Before

passkey_ui_old.mp4

After

passkey_ui_new.mp4

[javiercn]

Should this guard about setting the name if there is already a name set?

[javiercn]

Is the name a default that can be overriden by the user? my question is based on this

-        // Immediately prompt the user to enter a name for the credential

[MackinnonBuck]

By user do you mean developer or end user of the web app?

The end user can click the "rename" button in the "Passkeys" page, and they'll be taken directly to the "Rename passkey" page, bypassing this code path.

The developer can change the PasskeyAuthenticators.cs file to make the defaults whatever they want, as it's template code.

Or is the concern that the developer could set the default name in a custom UserManager, so the name would be populated in between passkey creation and the passkey name inference? If so, the current behavior of this code is to overwrite any predefined passkey name with one of the defaults defined in PasskeyAuthenticators, if present. We could change this logic to check that passkey name is empty before replacing it with an inferred one, but that might not always be what the developer wants (maybe they set the default explicitly to "Unnamed", which would disable passkey name inference even when it's probably desirable). I don't have a strong opinion about what the right behavior is here, so I could go either way.

[javiercn]

Would it make sense for this dictionary to be configurable/extensible? I imagine this could be applicable to other managers. I would think something like putting this in Options

[MackinnonBuck]

It's already configurable in the sense that it's template code and can be changed arbitrarily by the developer, isn't it?

[Copilot]

Pull request overview

This PR enhances passkey UX by persisting the authenticator AAGUID during attestation and using it in the Blazor Web App template to infer a friendly default passkey display name (reducing the need for a rename prompt).

Changes:

• Add Aaguid (byte[]?) to UserPasskeyInfo and IdentityPasskeyData, and extract it during passkey attestation.
• Update store/test mappings and spec assertions to round-trip the new Aaguid field.
• Add template logic to map known AAGUIDs to friendly authenticator names and display inferred names + creation date in the passkeys list.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Components/Account/PasskeyAuthenticators.cs	Adds AAGUID→friendly-name mapping and helper methods for display/inference.
src/ProjectTemplates/Web.ProjectTemplates/content/BlazorWeb-CSharp/BlazorWebCSharp.1/Components/Account/Pages/Manage/Passkeys.razor	Uses inferred display names and creation dates; auto-assigns a name for known authenticators.
src/Identity/test/Shared/PocoModel/PocoUserPasskey.cs	Extends test POCO model with an AAGUID field.
src/Identity/test/InMemory.Test/InMemoryStore.cs	Maps AAGUID between POCO and UserPasskeyInfo.
src/Identity/samples/IdentitySample.PasskeyUI/InMemoryUserStore.cs	Maps AAGUID between POCO and UserPasskeyInfo in sample store.
src/Identity/samples/IdentitySample.PasskeyConformance/InMemoryUserStore.cs	Same as above for conformance sample store.
src/Identity/Specification.Tests/src/IdentitySpecificationTestBase.cs	Adds AAGUID to passkey equality assertions.
src/Identity/Extensions.Stores/src/PublicAPI.Unshipped.txt	Declares new public API surface for IdentityPasskeyData.Aaguid.
src/Identity/Extensions.Stores/src/IdentityPasskeyData.cs	Adds persisted Aaguid property.
src/Identity/Extensions.Core/src/UserPasskeyInfo.cs	Adds Aaguid property to passkey model.
src/Identity/Extensions.Core/src/PublicAPI.Unshipped.txt	Declares new public API surface for UserPasskeyInfo.Aaguid.
src/Identity/EntityFrameworkCore/src/IdentityUserPasskeyExtensions.cs	Maps Aaguid between EF entity JSON payload and UserPasskeyInfo.
src/Identity/Core/src/PasskeyHandler.cs	Extracts AAGUID from attestation and sets it on the created UserPasskeyInfo.