| Index: third_party/WebKit/public/platform/modules/webauth/authenticator.mojom
|
| diff --git a/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom b/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom
|
| index bafa09ddfedcfe1e043fd7a1fee8335a8ce33aa9..3becca7694711270453f395956e7ffd209a02404 100644
|
| --- a/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom
|
| +++ b/third_party/WebKit/public/platform/modules/webauth/authenticator.mojom
|
| @@ -5,9 +5,12 @@
|
| [JavaPackage="org.chromium.webauth.mojom"]
|
| module webauth.mojom;
|
|
|
| +import "mojo/common/time.mojom";
|
| +import "url/mojo/url.mojom";
|
| +
|
| // This file describes the communication between the WebAuthentication renderer
|
| -// implementation and browser-side implementations to create scoped credentials
|
| -// and use already-created credentials to get assertions.
|
| +// implementation and browser-side implementations to create public key
|
| +// credentials and use already-created credentials to get assertions.
|
| // See https://w3c.github.io/webauthn/.
|
|
|
| enum AuthenticatorStatus {
|
| @@ -22,79 +25,112 @@ enum AuthenticatorStatus {
|
|
|
| // The public key and attestation that is returned by an authenticator's
|
| // call to makeCredential.
|
| -struct ScopedCredentialInfo {
|
| +struct PublicKeyCredentialInfo {
|
| + // The base64url encoding of |raw_id|.
|
| + string id;
|
| +
|
| + // An identifier for the credential.
|
| + array<uint8> raw_id;
|
| +
|
| // A blob of data containing the JSON serialization of client data passed
|
| // to the authenticator.
|
| - array<uint8> client_data;
|
| - // A blob of data returned from the authenticator.
|
| - array<uint8> attestation;
|
| + array<uint8> client_data_json;
|
| +
|
| + // The response data from the authenticator.
|
| + AuthenticatorResponse response;
|
| };
|
|
|
| -// Information about the relying party and the user account held by that
|
| -// relying party. This information is used by the authenticator to create
|
| -// or retrieve an appropriate scoped credential for this account.
|
| +// Contains the authenticator's response to the request to either
|
| +// create a public key credential, or generate an authentication assertion.
|
| +struct AuthenticatorResponse {
|
| + // A blob of data returned by the authenticator after creating a credential.
|
| + array<uint8> attestation_object;
|
| +
|
| + // A blob of data returned by the authenticator after generating an assertion.
|
| + array<uint8> authenticator_data;
|
| +
|
| + // Cryptographic signature proving possession of the credential private key.
|
| + array<uint8> signature;
|
| +};
|
| +
|
| +// Information about the relying party and the account held by the user at
|
| +// that relying party. This information is used by the authenticator to create
|
| +// or retrieve an appropriate public key credential for this account.
|
| // These fields take arbitrary input.
|
| -struct RelyingPartyAccount {
|
| - // Friendly name of the Relying Party, e.g. "Acme Corporation"
|
| - string relying_party_display_name;
|
| - // Friendly name associated with the user account, e.g. "John P. Smith"
|
| - string display_name;
|
| - // Identifier for the account, corresponding to no more than one credential
|
| - // per authenticator and Relying Party.
|
| +struct PublicKeyCredentialEntity {
|
| + // A unique identifier for the entity. An ASCII serialization of an origin
|
| + // for a relying party, and an arbitrary string specified by the relying party
|
| + // for user accounts.
|
| string id;
|
| - // Detailed name for the account, e.g. john.p.smith@example.com
|
| - string? name;
|
| - // User image, if any.
|
| - // TODO(kpaulhamus): make this url.mojom.Url in a followup CL
|
| - string? image_url;
|
| +
|
| + // Friendly name associated with the entity intended for display.
|
| + // e.g. "Acme Corporation" for a relying party and "john.p.smith@example.com"
|
| + // or "+14255551234" for a user.
|
| + string name;
|
| +
|
| + // Image associated with the entity.
|
| + // For example, this could be a user’s avatar or a relying party's logo.
|
| + url.mojom.Url? icon;
|
| +
|
| + // Contains a friendly name for the user account (e.g., "John P. Smith").
|
| + string? display_name;
|
| };
|
|
|
| -// Parameters that are used to generate an appropriate scoped credential.
|
| -struct ScopedCredentialParameters {
|
| - ScopedCredentialType type;
|
| +// Parameters that are used to generate an appropriate public key credential.
|
| +struct PublicKeyCredentialParameters {
|
| + PublicKeyCredentialType type;
|
| // TODO(kpaulhamus): add AlgorithmIdentifier algorithm;
|
| };
|
|
|
| -// Optional parameters that are used during makeCredential.
|
| -struct ScopedCredentialOptions {
|
| - //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL
|
| - double adjusted_timeout;
|
| - string? relying_party_id;
|
| - array<ScopedCredentialDescriptor> exclude_list;
|
| - // TODO(kpaulhamus): add Extensions
|
| +// Parameters passed into calls to MakeCredential.
|
| +struct MakeCredentialOptions {
|
| + // Relying party information.
|
| + // Corresponds to |rp| in MakeCredentialOptions.idl.
|
| + PublicKeyCredentialEntity relying_party;
|
| +
|
| + // Information about the user.
|
| + PublicKeyCredentialEntity user;
|
| +
|
| + // A blob passed from the the relying party server.
|
| + array<uint8> challenge;
|
| +
|
| + array<PublicKeyCredentialParameters> crypto_parameters;
|
| +
|
| + mojo.common.mojom.TimeDelta adjusted_timeout;
|
| +
|
| + array<PublicKeyCredentialDescriptor> exclude_credentials;
|
| +
|
| + // TODO(kpaulhamus): add AuthenticatorSelectionCriteria
|
| };
|
|
|
| -enum ScopedCredentialType {
|
| - SCOPEDCRED,
|
| +enum PublicKeyCredentialType {
|
| + PUBLIC_KEY,
|
| };
|
|
|
| // Describes the credentials that the relying party already knows about for
|
| -// the given account. If any of these are known to the authenticator,
|
| +// the given account. If any of these are known to the authenticator,
|
| // it should not create a new credential.
|
| -struct ScopedCredentialDescriptor {
|
| - ScopedCredentialType type;
|
| - // Blob representing a credential key handle. Up to 255 bytes for
|
| +struct PublicKeyCredentialDescriptor {
|
| + PublicKeyCredentialType type;
|
| +
|
| + // Blob representing a credential key handle. Up to 255 bytes for
|
| // U2F authenticators.
|
| array<uint8> id;
|
| - array<Transport> transports;
|
| +
|
| + array<AuthenticatorTransport> transports;
|
| };
|
|
|
| -enum Transport {
|
| +enum AuthenticatorTransport {
|
| USB,
|
| NFC,
|
| BLE,
|
| };
|
|
|
| -// Interface to direct authenticators to create or use a scoped credential.
|
| +// Interface to direct authenticators to create or use a public key credential.
|
| interface Authenticator {
|
| - // Gets the credential info for a new credential created by an authenticator
|
| - // for the given relying party and account.
|
| - // |attestation_challenge| is a blob passed from the relying party server.
|
| - // [ScopedCredentialInfo] will only be set if status == SUCCESS.
|
| - MakeCredential(RelyingPartyAccount account_information,
|
| - array<ScopedCredentialParameters> crypto_parameters,
|
| - array<uint8> attestation_challenge,
|
| - ScopedCredentialOptions options)
|
| - => (AuthenticatorStatus status,
|
| - ScopedCredentialInfo? scoped_credential);
|
| + // Gets the credential info for a new public key credential created by an
|
| + // authenticator for the given |MakeCredentialOptions|
|
| + // [PublicKeyCredentialInfo] will only be set if status == SUCCESS.
|
| + MakeCredential(MakeCredentialOptions options)
|
| + => (AuthenticatorStatus status, PublicKeyCredentialInfo? credential);
|
| };
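Review bot: AuthenticatorResponse is shared by both the create-credential and get-assertion paths, yet all three of `attestation_object`, `authenticator_data` and `signature` are non-nullable arrays, so a MakeCredential reply has to carry empty `authenticator_data`/`signature` and a reader cannot distinguish "absent" from "empty" or tell which subset is meaningful for the call it made. Consider a mojom `union` of one struct per operation, or at least nullable `array<uint8>?` fields with a leading comment on each stating which call populates it. On the request side, the bound in the PublicKeyCredentialDescriptor `id` comment ("Up to 255 bytes for U2F authenticators") and the `adjusted_timeout` value cannot be enforced by the IDL, so the browser-side handler presumably has to validate them itself since they arrive from the renderer; a comment such as `// Length is not enforced by the IPC layer; the browser-side implementation must reject oversized ids.` would make that contract explicit. `crypto_parameters`, `adjusted_timeout` and `exclude_credentials` in MakeCredentialOptions carry no comments at all, and the `challenge` comment reads "passed from the the relying party server".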
|
|
|