/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
// COSE algorithm identifier (e.g. the value from PublicKeyCredentialParameters.alg).
// XPIDL `long` is a 32-bit signed integer, matching the WebIDL definition of
// COSEAlgorithmIdentifier as `long`. Registered values are IANA COSE algorithm
// numbers and may be negative, so the type must stay signed.
typedef long COSEAlgorithmIdentifier;
/**
 * Arguments for a WebAuthn registration (credential creation) request as
 * passed to the authenticator backend.
 *
 * All attributes are read-only views of the caller's options. Attributes marked
 * [must_use] signal presence through their nsresult return code (see the
 * extension comment below), so a consumer must check the return value before
 * trusting the out-parameter.
 */
[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsIWebAuthnRegisterArgs : nsISupports {
  // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
  readonly attribute AString origin;

  // Raw challenge bytes chosen by the relying party (per WebAuthn they are also
  // embedded, base64url-encoded, in clientDataJSON).
  readonly attribute Array<octet> challenge;

  // Serialized CollectedClientData (JSON text) for this request.
  readonly attribute ACString clientDataJSON;

  // Hash the authenticator signs over. Per WebAuthn this is SHA-256 of the exact
  // bytes in clientDataJSON above -- NOTE(review): the producer must derive it
  // from those bytes, since any mismatch makes the resulting attestation
  // unverifiable by the relying party.
  readonly attribute Array<octet> clientDataHash;

  // A PublicKeyCredentialRpEntity
  // rpId is the relying party identifier the credential is scoped to.
  readonly attribute AString rpId;
  [must_use] readonly attribute AString rpName;

  // A PublicKeyCredentialUserEntity
  // userId is the opaque user handle supplied by the relying party.
  [must_use] readonly attribute Array<octet> userId;
  [must_use] readonly attribute AString userName;
  [must_use] readonly attribute AString userDisplayName;

  // The spec defines this as a sequence<PublicKeyCredentialParameters>.
  // We require type = "public-key" and only serialize the alg fields.
  // Order is preserved; presumably it reflects the relying party's preference
  // order -- confirm against the consumer.
  [must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;

  // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
  // we use separate arrays for the credential IDs and transports.
  // excludeList holds the raw credential IDs the authenticator must not
  // create a duplicate for; excludeListTransports is presumably indexed in
  // parallel (one entry per credential ID). NOTE(review): a consumer should
  // verify the two arrays have equal length before zipping them by index.
  readonly attribute Array<Array<octet> > excludeList;
  readonly attribute Array<octet> excludeListTransports;

  // CTAP2 passes extensions in a CBOR map of extension identifier ->
  // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
  // So we define a getter for each supported extension input and use the
  // return code to signal presence.
  // credProps: "credProps" extension input.
  [must_use] readonly attribute bool credProps;
  // hmacCreateSecret: "hmacCreateSecret" extension input.
  [must_use] readonly attribute bool hmacCreateSecret;
  // minPinLength: "minPinLength" extension input.
  [must_use] readonly attribute bool minPinLength;

  // Options.
  // residentKey and userVerification carry the spec's string enums
  // (presumably "required" / "preferred" / "discouraged" as given by the
  // caller -- confirm; no normalisation is visible here).
  readonly attribute AString residentKey;
  readonly attribute AString userVerification;
  [must_use] readonly attribute AString authenticatorAttachment;

  // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
  // Arguably we don't need to pass it through since WebAuthnController can
  // cancel transactions.
  // Milliseconds. Declared as uint32_t here but as `unsigned long` in
  // nsIWebAuthnSignArgs; both map to the same 32-bit unsigned C++ type.
  readonly attribute uint32_t timeoutMS;

  // This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
  // We might overwrite the provided value with "none" if the user declines the
  // consent popup.
  [must_use] readonly attribute AString attestationConveyancePreference;
};
/**
 * Arguments for a WebAuthn authentication (assertion / sign) request as
 * passed to the authenticator backend.
 *
 * All attributes are read-only views of the caller's options. Attributes marked
 * [must_use] signal presence through their nsresult return code (see the
 * extension comment below), so a consumer must check the return value before
 * trusting the out-parameter.
 */
[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsIWebAuthnSignArgs : nsISupports {
  // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
  readonly attribute AString origin;

  // The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
  readonly attribute AString rpId;

  // Raw challenge bytes chosen by the relying party (per WebAuthn they are also
  // embedded, base64url-encoded, in clientDataJSON).
  readonly attribute Array<octet> challenge;

  // Serialized CollectedClientData (JSON text) for this request.
  readonly attribute ACString clientDataJSON;

  // Hash the authenticator signs over. Per WebAuthn this is SHA-256 of the exact
  // bytes in clientDataJSON above -- NOTE(review): the producer must derive it
  // from those bytes, since any mismatch makes the assertion unverifiable.
  readonly attribute Array<octet> clientDataHash;

  // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
  // we use separate arrays for the credential IDs and transports.
  // allowList holds the raw credential IDs acceptable for this assertion (an
  // empty list means a discoverable-credential flow); allowListTransports is
  // presumably indexed in parallel (one entry per credential ID).
  // NOTE(review): a consumer should verify the two arrays have equal length
  // before zipping them by index.
  readonly attribute Array<Array<octet> > allowList;
  readonly attribute Array<octet> allowListTransports;

  // CTAP2 passes extensions in a CBOR map of extension identifier ->
  // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
  // So we define a getter for each supported extension input and use the
  // return code to signal presence.
  // hmacCreateSecret: "hmacCreateSecret" extension input.
  [must_use] readonly attribute bool hmacCreateSecret;
  // appId: the FIDO "appid" extension input, presumably used for legacy U2F
  // credentials registered under an AppID rather than an rpId -- confirm.
  [must_use] readonly attribute AString appId;

  // Options
  // userVerification carries the spec's string enum (presumably "required" /
  // "preferred" / "discouraged" as given by the caller -- confirm).
  [must_use] readonly attribute AString userVerification;

  // This is the WebAuthn PublicKeyCredentialRequestOptions timeout (the
  // sign-side counterpart of the creation-options timeout).
  // Arguably we don't need to pass it through since WebAuthnController can
  // cancel transactions.
  // Milliseconds. Declared as `unsigned long` here but as uint32_t in
  // nsIWebAuthnRegisterArgs; both map to the same 32-bit unsigned C++ type.
  readonly attribute unsigned long timeoutMS;

  // Presumably true when the request was issued with conditional (autofill)
  // mediation -- confirm against the caller; nothing here constrains it.
  readonly attribute bool conditionallyMediated;
};