summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/nsIWebAuthnArgs.idl
blob: 06a6c5ec850b968e404c5e28393508663ecb62c3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

typedef long COSEAlgorithmIdentifier;

[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsIWebAuthnRegisterArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // A PublicKeyCredentialRpEntity
    readonly attribute AString rpId;
    [must_use] readonly attribute AString rpName;

    // A PublicKeyCredentialUserEntity
    [must_use] readonly attribute Array<octet> userId;
    [must_use] readonly attribute AString userName;
    [must_use] readonly attribute AString userDisplayName;

    // The spec defines this as a sequence<PublicKeyCredentialParameters>.
    // We require type = "public-key" and only serialize the alg fields.
    [must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    readonly attribute Array<Array<octet> > excludeList;
    readonly attribute Array<octet> excludeListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute boolean credProps;
    [must_use] readonly attribute boolean hmacCreateSecret;
    [must_use] readonly attribute boolean minPinLength;

    // Options.
    readonly attribute AString residentKey;
    readonly attribute AString userVerification;
    [must_use] readonly attribute AString authenticatorAttachment;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute uint32_t timeoutMS;

    // This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
    // We might overwrite the provided value with "none" if the user declines the
    // consent popup.
    [must_use] readonly attribute AString attestationConveyancePreference;
};

[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsIWebAuthnSignArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    // The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
    readonly attribute AString rpId;

    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    readonly attribute Array<Array<octet> > allowList;
    readonly attribute Array<octet> allowListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute boolean hmacCreateSecret;
    [must_use] readonly attribute AString appId;

    // Options
    [must_use] readonly attribute AString userVerification;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute unsigned long timeoutMS;

    readonly attribute boolean conditionallyMediated;
};