117 lines
5.1 KiB
Text
117 lines
5.1 KiB
Text
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include "nsISupports.idl"
|
|
|
|
typedef long COSEAlgorithmIdentifier;
|
|
|
|
[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
|
|
interface nsIWebAuthnRegisterArgs : nsISupports {
|
|
// TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
|
|
readonly attribute AString origin;
|
|
|
|
readonly attribute Array<octet> challenge;
|
|
|
|
readonly attribute ACString clientDataJSON;
|
|
|
|
readonly attribute Array<octet> clientDataHash;
|
|
|
|
// A PublicKeyCredentialRpEntity
|
|
readonly attribute AString rpId;
|
|
[must_use] readonly attribute AString rpName;
|
|
|
|
// A PublicKeyCredentialUserEntity
|
|
[must_use] readonly attribute Array<octet> userId;
|
|
[must_use] readonly attribute AString userName;
|
|
[must_use] readonly attribute AString userDisplayName;
|
|
|
|
// The spec defines this as a sequence<PublicKeyCredentialParameters>.
|
|
// We require type = "public-key" and only serialize the alg fields.
|
|
[must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;
|
|
|
|
// The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
|
|
// we use separate arrays for the credential IDs and transports.
|
|
readonly attribute Array<Array<octet> > excludeList;
|
|
readonly attribute Array<octet> excludeListTransports;
|
|
|
|
// CTAP2 passes extensions in a CBOR map of extension identifier ->
|
|
// WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
|
|
// So we define a getter for each supported extension input and use the
|
|
// return code to signal presence.
|
|
[must_use] readonly attribute AUTF8String credentialProtectionPolicy;
|
|
[must_use] readonly attribute boolean enforceCredentialProtectionPolicy;
|
|
[must_use] readonly attribute boolean credProps;
|
|
[must_use] readonly attribute boolean hmacCreateSecret;
|
|
[must_use] readonly attribute boolean minPinLength;
|
|
[must_use] readonly attribute boolean prf;
|
|
[must_use] readonly attribute Array<octet> prfEvalFirst;
|
|
[must_use] readonly attribute Array<octet> prfEvalSecond;
|
|
[must_use] readonly attribute boolean largeBlobSupportRequired;
|
|
|
|
// Options.
|
|
readonly attribute AString residentKey;
|
|
readonly attribute AString userVerification;
|
|
[must_use] readonly attribute AString authenticatorAttachment;
|
|
|
|
// This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
|
|
// Arguably we don't need to pass it through since WebAuthnController can
|
|
// cancel transactions.
|
|
readonly attribute uint32_t timeoutMS;
|
|
|
|
// This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
|
|
// We might overwrite the provided value with "none" if the user declines the
|
|
// consent popup.
|
|
[must_use] readonly attribute AString attestationConveyancePreference;
|
|
|
|
readonly attribute boolean privateBrowsing;
|
|
};
|
|
|
|
[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
|
|
interface nsIWebAuthnSignArgs : nsISupports {
|
|
// TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
|
|
readonly attribute AString origin;
|
|
|
|
// The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
|
|
readonly attribute AString rpId;
|
|
|
|
readonly attribute Array<octet> challenge;
|
|
|
|
readonly attribute ACString clientDataJSON;
|
|
|
|
readonly attribute Array<octet> clientDataHash;
|
|
|
|
// The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
|
|
// we use separate arrays for the credential IDs and transports.
|
|
readonly attribute Array<Array<octet> > allowList;
|
|
readonly attribute Array<octet> allowListTransports;
|
|
|
|
// CTAP2 passes extensions in a CBOR map of extension identifier ->
|
|
// WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
|
|
// So we define a getter for each supported extension input and use the
|
|
// return code to signal presence.
|
|
[must_use] readonly attribute boolean hmacCreateSecret;
|
|
[must_use] readonly attribute AString appId;
|
|
[must_use] readonly attribute boolean prf;
|
|
[must_use] readonly attribute Array<octet> prfEvalFirst;
|
|
[must_use] readonly attribute Array<octet> prfEvalSecond;
|
|
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialCredentialId;
|
|
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalFirst;
|
|
[must_use] readonly attribute Array<boolean> prfEvalByCredentialEvalSecondMaybe;
|
|
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalSecond;
|
|
[must_use] readonly attribute boolean largeBlobRead;
|
|
[must_use] readonly attribute Array<octet> largeBlobWrite;
|
|
|
|
// Options
|
|
[must_use] readonly attribute AString userVerification;
|
|
|
|
// This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
|
|
// Arguably we don't need to pass it through since WebAuthnController can
|
|
// cancel transactions.
|
|
readonly attribute unsigned long timeoutMS;
|
|
|
|
readonly attribute boolean conditionallyMediated;
|
|
|
|
readonly attribute boolean privateBrowsing;
|
|
};
|