OLD | NEW |
| (Empty) |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 [JavaPackage="org.chromium.webauth.mojom"] | |
6 module webauth.mojom; | |
7 | |
8 // This file describes the communication between the WebAuthentication renderer | |
9 // implementation and browser-side implementations to create scoped credentials | |
10 // and use already-created credentials to get assertions. | |
11 // See https://w3c.github.io/webauthn/. | |
12 | |
13 // The public key and attestation that is returned by an authenticator's | |
14 // call to makeCredential. | |
15 struct ScopedCredentialInfo { | |
16 // A blob of data containing the JSON serialization of client data passed | |
17 // to the authenticator. | |
18 array<uint8> client_data; | |
19 // A blob of data returned from the authenticator. | |
20 array<uint8> attestation; | |
21 }; | |
22 | |
23 // Information about the relying party and the user account held by that | |
24 // relying party. This information is used by the authenticator to create | |
25 // or retrieve an appropriate scoped credential for this account. | |
26 // These fields take arbitrary input. | |
27 | |
28 struct RelyingPartyAccount { | |
29 // Friendly name of the Relying Party, e.g. "Acme Corporation" | |
30 string relying_party_display_name; | |
31 // Friendly name associated with the user account, e.g. "John P. Smith" | |
32 string display_name; | |
33 // Identifier for the account, corresponding to no more than one credential | |
34 // per authenticator and Relying Party. | |
35 string id; | |
36 // Detailed name for the account, e.g. john.p.smith@example.com | |
37 string name; | |
38 // User image, if any. | |
39 // Todo make this url.mojom.Url in a followup CL | |
40 string image_url; | |
41 }; | |
42 | |
43 // Parameters that are used to generate an appropriate scoped credential. | |
44 struct ScopedCredentialParameters { | |
45 ScopedCredentialType type; | |
46 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; | |
47 }; | |
48 | |
49 // Optional parameters that are used during makeCredential. | |
50 struct ScopedCredentialOptions { | |
51 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL | |
52 int32 timeout_seconds; | |
53 string relying_party_id; | |
54 array<ScopedCredentialDescriptor> exclude_list; | |
55 // TODO(kpaulhamus): add Extensions | |
56 }; | |
57 | |
58 enum ScopedCredentialType { | |
59 SCOPEDCRED, | |
60 }; | |
61 | |
62 // Describes the credentials that the relying party already knows about for | |
63 // the given account. If any of these are known to the authenticator, | |
64 // it should not create a new credential. | |
65 struct ScopedCredentialDescriptor { | |
66 ScopedCredentialType type; | |
67 // Blob representing a credential key handle. Up to 255 bytes for | |
68 // U2F authenticators. | |
69 array<uint8> id; | |
70 array<Transport> transports; | |
71 }; | |
72 | |
73 enum Transport { | |
74 USB, | |
75 NFC, | |
76 BLE, | |
77 }; | |
78 | |
79 // Interface to direct authenticators to create or use a scoped credential. | |
80 interface Authenticator { | |
81 // Gets the credential info for a new credential created by an authenticator | |
82 // for the given relying party and account. | |
83 // |attestation_challenge| is a blob passed from the relying party server. | |
84 MakeCredential(RelyingPartyAccount account_information, | |
85 array<ScopedCredentialParameters> crypto_parameters, | |
86 array<uint8> attestation_challenge, | |
87 ScopedCredentialOptions? options) | |
88 => (array<ScopedCredentialInfo> scoped_credentials); | |
89 }; | |
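Review bot: `relying_party_id` in ScopedCredentialOptions (file line 53) is the one field in the struct without a comment, and because `options` is nullable in MakeCredential (line 87) the field can be absent altogether; the file does not say what the browser does in that case or whether the value is trusted as sent. Reading this section as the file's new side, a comment such as `// Relying Party identifier supplied by the renderer; the browser implementation presumably checks it against the requesting origin rather than using it as-is.` would extend the trust note given only for RelyingPartyAccount ("These fields take arbitrary input", line 26) to this struct, where it matters more. In the same struct, `timeout_seconds` (lines 51-52) documents neither its valid range nor the meaning of 0 or a negative value, and the "Up to 255 bytes for U2F authenticators" remark on `id` (lines 67-69) reads as descriptive rather than as a limit anything here enforces; stating whether the receiver is expected to validate these would help readers of the interface.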
OLD | NEW |