Throw if silent assert request requires showing UI

libs/common/src/platform/abstractions/fido2/fido2-authenticator.service.abstraction.ts

@@ -153,8 +153,14 @@ export interface Fido2AuthenticatorGetAssertionParams {
   /** Forwarded to user interface */
   fallbackSupported: boolean;
 
-  // Bypass the UI and assume that the user has already interacted with the authenticator
+  /** Bypass the UI and assume that the user has already interacted with the authenticator */
   assumeUserPresence?: boolean;
+
+  /** Signals whether an error should be thrown if an assertion cannot be obtained without showing Bitwarden UI.
+   *
+   * Note that OS user verification prompts are allowed in silent requests.
+  */
+  isSilent?: boolean;
 }
 
 export interface Fido2AuthenticatorGetAssertionResult {

libs/common/src/platform/abstractions/fido2/fido2-user-interface.service.abstraction.ts

@@ -50,6 +50,12 @@ export interface PickCredentialParams {
    * Identifies whether a cipher requires a master password reprompt when getting a credential.
    */
   masterPasswordRepromptRequired?: boolean;
+
+  /** Signals whether an error should be thrown if an assertion cannot be obtained without showing Bitwarden UI.
+   *
+   * Note that OS user verification prompts are allowed in silent requests.
+  */
+  isSilent?: boolean;
 }
 
 /**
@@ -121,3 +127,6 @@ export abstract class Fido2UserInterfaceSession {
    */
   abstract close(): void;
 }
+
+/** Thrown when user interaction is required during a request for a silent assertion. */
+export class UserInteractionRequired extends Error {}

libs/common/src/platform/services/fido2/fido2-authenticator.service.ts

@@ -291,6 +291,7 @@ export class Fido2AuthenticatorService<
           userVerification: params.requireUserVerification,
           assumeUserPresence: params.assumeUserPresence,
           masterPasswordRepromptRequired,
+          isSilent: params.isSilent,
         });
       }