OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 [JavaPackage="org.chromium.webauth.mojom"] | 5 [JavaPackage="org.chromium.webauth.mojom"] |
6 module webauth.mojom; | 6 module webauth.mojom; |
7 | 7 |
8 // This file describes the communication between the WebAuthentication renderer | 8 // This file describes the communication between the WebAuthentication renderer |
9 // implementation and browser-side implementations to create scoped credentials | 9 // implementation and browser-side implementations to create scoped credentials |
10 // and use already-created credentials to get assertions. | 10 // and use already-created credentials to get assertions. |
11 // See https://w3c.github.io/webauthn/. | 11 // See https://w3c.github.io/webauthn/. |
12 | 12 |
| 13 enum AuthenticatorStatus { |
| 14 SUCCESS, |
| 15 CANCELLED, |
| 16 UNKNOWN_ERROR, |
| 17 NOT_ALLOWED_ERROR, |
| 18 NOT_SUPPORTED_ERROR, |
| 19 SECURITY_ERROR, |
| 20 }; |
| 21 |
13 // The public key and attestation that is returned by an authenticator's | 22 // The public key and attestation that is returned by an authenticator's |
14 // call to makeCredential. | 23 // call to makeCredential. |
15 struct ScopedCredentialInfo { | 24 struct ScopedCredentialInfo { |
16 // A blob of data containing the JSON serialization of client data passed | 25 // A blob of data containing the JSON serialization of client data passed |
17 // to the authenticator. | 26 // to the authenticator. |
18 array<uint8> client_data; | 27 array<uint8> client_data; |
19 // A blob of data returned from the authenticator. | 28 // A blob of data returned from the authenticator. |
20 array<uint8> attestation; | 29 array<uint8> attestation; |
21 }; | 30 }; |
22 | 31 |
23 // Information about the relying party and the user account held by that | 32 // Information about the relying party and the user account held by that |
24 // relying party. This information is used by the authenticator to create | 33 // relying party. This information is used by the authenticator to create |
25 // or retrieve an appropriate scoped credential for this account. | 34 // or retrieve an appropriate scoped credential for this account. |
26 // These fields take arbitrary input. | 35 // These fields take arbitrary input. |
27 | |
28 struct RelyingPartyAccount { | 36 struct RelyingPartyAccount { |
29 // Friendly name of the Relying Party, e.g. "Acme Corporation" | 37 // Friendly name of the Relying Party, e.g. "Acme Corporation" |
30 string relying_party_display_name; | 38 string relying_party_display_name; |
31 // Friendly name associated with the user account, e.g. "John P. Smith" | 39 // Friendly name associated with the user account, e.g. "John P. Smith" |
32 string display_name; | 40 string display_name; |
33 // Identifier for the account, corresponding to no more than one credential | 41 // Identifier for the account, corresponding to no more than one credential |
34 // per authenticator and Relying Party. | 42 // per authenticator and Relying Party. |
35 string id; | 43 string id; |
36 // Detailed name for the account, e.g. john.p.smith@example.com | 44 // Detailed name for the account, e.g. john.p.smith@example.com |
37 string name; | 45 string? name; |
38 // User image, if any. | 46 // User image, if any. |
39 // Todo make this url.mojom.Url in a followup CL | 47 // TODO(kpaulhamus): make this url.mojom.Url in a followup CL |
40 string image_url; | 48 string? image_url; |
41 }; | 49 }; |
42 | 50 |
43 // Parameters that are used to generate an appropriate scoped credential. | 51 // Parameters that are used to generate an appropriate scoped credential. |
44 struct ScopedCredentialParameters { | 52 struct ScopedCredentialParameters { |
45 ScopedCredentialType type; | 53 ScopedCredentialType type; |
46 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; | 54 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; |
47 }; | 55 }; |
48 | 56 |
49 // Optional parameters that are used during makeCredential. | 57 // Optional parameters that are used during makeCredential. |
50 struct ScopedCredentialOptions { | 58 struct ScopedCredentialOptions { |
51 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL | 59 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL |
52 int32 timeout_seconds; | 60 double adjusted_timeout; |
53 string relying_party_id; | 61 string? relying_party_id; |
54 array<ScopedCredentialDescriptor> exclude_list; | 62 array<ScopedCredentialDescriptor> exclude_list; |
55 // TODO(kpaulhamus): add Extensions | 63 // TODO(kpaulhamus): add Extensions |
56 }; | 64 }; |
57 | 65 |
58 enum ScopedCredentialType { | 66 enum ScopedCredentialType { |
59 SCOPEDCRED, | 67 SCOPEDCRED, |
60 }; | 68 }; |
61 | 69 |
62 // Describes the credentials that the relying party already knows about for | 70 // Describes the credentials that the relying party already knows about for |
63 // the given account. If any of these are known to the authenticator, | 71 // the given account. If any of these are known to the authenticator, |
(...skipping 13 matching lines...) Expand all Loading... |
77 }; | 85 }; |
78 | 86 |
79 // Interface to direct authenticators to create or use a scoped credential. | 87 // Interface to direct authenticators to create or use a scoped credential. |
80 interface Authenticator { | 88 interface Authenticator { |
81 // Gets the credential info for a new credential created by an authenticator | 89 // Gets the credential info for a new credential created by an authenticator |
82 // for the given relying party and account. | 90 // for the given relying party and account. |
83 // |attestation_challenge| is a blob passed from the relying party server. | 91 // |attestation_challenge| is a blob passed from the relying party server. |
84 MakeCredential(RelyingPartyAccount account_information, | 92 MakeCredential(RelyingPartyAccount account_information, |
85 array<ScopedCredentialParameters> crypto_parameters, | 93 array<ScopedCredentialParameters> crypto_parameters, |
86 array<uint8> attestation_challenge, | 94 array<uint8> attestation_challenge, |
87 ScopedCredentialOptions? options) | 95 ScopedCredentialOptions options) |
88 => (array<ScopedCredentialInfo> scoped_credentials); | 96 => (AuthenticatorStatus status, |
| 97 ScopedCredentialInfo? scoped_credential); |
89 }; | 98 }; |
OLD | NEW |