/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this file, * You can obtain one at http://mozilla.org/MPL/2.0/. * * The origin of this IDL file is * https://w3c.github.io/webauthn/ */ /***** Interfaces to Data *****/ [SecureContext, Pref="security.webauth.webauthn", Exposed=Window] interface PublicKeyCredential : Credential { [SameObject] readonly attribute ArrayBuffer rawId; [SameObject] readonly attribute AuthenticatorResponse response; AuthenticationExtensionsClientOutputs getClientExtensionResults(); }; [SecureContext] partial interface PublicKeyCredential { static Promise isUserVerifyingPlatformAuthenticatorAvailable(); // isExternalCTAP2SecurityKeySupported is non-standard; see Bug 1526023 static Promise isExternalCTAP2SecurityKeySupported(); }; [SecureContext, Pref="security.webauth.webauthn", Exposed=Window] interface AuthenticatorResponse { [SameObject] readonly attribute ArrayBuffer clientDataJSON; }; [SecureContext, Pref="security.webauth.webauthn", Exposed=Window] interface AuthenticatorAttestationResponse : AuthenticatorResponse { [SameObject] readonly attribute ArrayBuffer attestationObject; }; [SecureContext, Pref="security.webauth.webauthn", Exposed=Window] interface AuthenticatorAssertionResponse : AuthenticatorResponse { [SameObject] readonly attribute ArrayBuffer authenticatorData; [SameObject] readonly attribute ArrayBuffer signature; [SameObject] readonly attribute ArrayBuffer? userHandle; }; dictionary PublicKeyCredentialParameters { required PublicKeyCredentialType type; required COSEAlgorithmIdentifier alg; }; dictionary PublicKeyCredentialCreationOptions { required PublicKeyCredentialRpEntity rp; required PublicKeyCredentialUserEntity user; required BufferSource challenge; required sequence pubKeyCredParams; unsigned long timeout; sequence excludeCredentials = []; // FIXME: bug 1493860: should this "= {}" be here? AuthenticatorSelectionCriteria authenticatorSelection = {}; AttestationConveyancePreference attestation = "none"; // FIXME: bug 1493860: should this "= {}" be here? AuthenticationExtensionsClientInputs extensions = {}; }; dictionary PublicKeyCredentialEntity { required DOMString name; USVString icon; }; dictionary PublicKeyCredentialRpEntity : PublicKeyCredentialEntity { DOMString id; }; dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity { required BufferSource id; required DOMString displayName; }; dictionary AuthenticatorSelectionCriteria { AuthenticatorAttachment authenticatorAttachment; boolean requireResidentKey = false; UserVerificationRequirement userVerification = "preferred"; }; enum AuthenticatorAttachment { "platform", // Platform attachment "cross-platform" // Cross-platform attachment }; enum AttestationConveyancePreference { "none", "indirect", "direct" }; enum UserVerificationRequirement { "required", "preferred", "discouraged" }; dictionary PublicKeyCredentialRequestOptions { required BufferSource challenge; unsigned long timeout; USVString rpId; sequence allowCredentials = []; UserVerificationRequirement userVerification = "preferred"; // FIXME: bug 1493860: should this "= {}" be here? AuthenticationExtensionsClientInputs extensions = {}; }; // TODO - Use partial dictionaries when bug 1436329 is fixed. dictionary AuthenticationExtensionsClientInputs { // FIDO AppID Extension (appid) // USVString appid; // hmac-secret // boolean hmacCreateSecret; }; // TODO - Use partial dictionaries when bug 1436329 is fixed. dictionary AuthenticationExtensionsClientOutputs { // FIDO AppID Extension (appid) // boolean appid; // boolean hmacCreateSecret; }; typedef record AuthenticationExtensionsAuthenticatorInputs; [GenerateToJSON] dictionary CollectedClientData { required DOMString type; required DOMString challenge; required DOMString origin; required DOMString hashAlgorithm; DOMString tokenBindingId; // FIXME: bug 1493860: should this "= {}" be here? AuthenticationExtensionsClientInputs clientExtensions = {}; AuthenticationExtensionsAuthenticatorInputs authenticatorExtensions; }; enum PublicKeyCredentialType { "public-key" }; dictionary PublicKeyCredentialDescriptor { required PublicKeyCredentialType type; required BufferSource id; // Transports is a string that is matched against the AuthenticatorTransport // enumeration so that we have forward-compatibility for new transports. sequence transports; }; enum AuthenticatorTransport { "usb", "nfc", "ble", "internal" }; typedef long COSEAlgorithmIdentifier; typedef sequence AuthenticatorSelectionList; typedef BufferSource AAGUID; /* // FIDO AppID Extension (appid) // partial dictionary AuthenticationExtensionsClientInputs { USVString appid; }; // FIDO AppID Extension (appid) // partial dictionary AuthenticationExtensionsClientOutputs { boolean appid; }; */