summaryrefslogtreecommitdiffstats
path: root/dom/webauthn/nsIWebAuthnService.idl
blob: 6525508057485a59f6d5b637e83aa638d5bb0cb0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"
#include "nsIWebAuthnArgs.idl"
#include "nsIWebAuthnPromise.idl"

[scriptable, uuid(6c4ecd9f-57c0-4d7d-8080-bf6e4d499f8f)]
interface nsICredentialParameters : nsISupports
{
    readonly attribute ACString credentialId;
    readonly attribute bool isResidentCredential;
    readonly attribute ACString rpId;
    readonly attribute ACString privateKey;
    readonly attribute ACString userHandle;
    readonly attribute uint32_t signCount;
};

[scriptable, uuid(686d552e-a39d-4ba2-8127-faca54274039)]
interface nsIWebAuthnAutoFillEntry: nsISupports
{
    const octet PROVIDER_UNKNOWN = 0;
    const octet PROVIDER_TEST_TOKEN = 1;
    const octet PROVIDER_PLATFORM_WINDOWS = 2;
    const octet PROVIDER_PLATFORM_MACOS = 3;
    const octet PROVIDER_PLATFORM_ANDROID = 4;

    readonly attribute octet provider;
    readonly attribute AString userName;
    readonly attribute AString rpId;
    readonly attribute Array<uint8_t> credentialId;
};

[scriptable, uuid(e236a9b4-a26f-11ed-b6cc-07a9834e19b1)]
interface nsIWebAuthnService : nsISupports
{
    // IsUserVerifyingPlatformAuthenticatorAvailable
    readonly attribute bool isUVPAA;

    void makeCredential(
        in uint64_t aTransactionId,
        in uint64_t browsingContextId,
        in nsIWebAuthnRegisterArgs args,
        in nsIWebAuthnRegisterPromise promise);

    void getAssertion(
        in uint64_t aTransactionId,
        in uint64_t browsingContextId,
        in nsIWebAuthnSignArgs args,
        in nsIWebAuthnSignPromise promise);

    // Cancel the ongoing transaction and any prompts that are shown, but do not reject
    // its promise. This is used by the IPC parent when it receives an abort signal.
    // The IPC child has already rejected the promises at this point.
    [noscript] void reset();

    // Cancel the ongoing transaction. Reject its promise, but do not cancel
    // prompts. This is used by WebAuthnPromptHelper when the user hits the
    // "cancel" button.
    void cancel(in uint64_t aTransactionId);

    // `hasPendingConditionalGet` returns the transaction ID of a pending
    // conditionally-mediated getAssertion promise. The browsing context and
    // origin arguments must match those of the pending promise. If there is no
    // pending getAssertion promise, or the browsing context and origin do not
    // match, then `hasPendingConditionalGet` returns 0.
    uint64_t hasPendingConditionalGet(in uint64_t aBrowsingContextId, in AString aOrigin);

    // If there is a pending conditionally-mediated getAssertion promise with
    // transaction ID equal to `aTransactionId`, `getAutoFillEntries` returns
    // an nsIWebAuthnAutoFillEntry for each silently discoverable credential
    // that can be used to fullfill the request.
    Array<nsIWebAuthnAutoFillEntry> getAutoFillEntries(in uint64_t aTransactionId);

    // A pending conditionally-mediated getAssertion promise is resolved by
    // calling `selectAutoFillEntry` or `resumeConditionalGet`.
    // `selectAutoFillEntry` specifies the credential ID that should be used to
    // fulfill the request, whereas `resumeConditionalGet` indicates that any
    // allowed credential can be used.
    void selectAutoFillEntry(in uint64_t aTransactionId, in Array<uint8_t> aCredentialId);
    void resumeConditionalGet(in uint64_t aTransactionId);

    void pinCallback(in uint64_t aTransactionId, in ACString aPin);
    void resumeMakeCredential(in uint64_t aTransactionId, in bool aForceNoneAttestation);
    void selectionCallback(in uint64_t aTransactionId, in uint64_t aIndex);

    // Adds a virtual (software) authenticator for use in tests (particularly
    // tests run via WebDriver). See
    // https://w3c.github.io/webauthn/#sctn-automation-add-virtual-authenticator.
    uint64_t addVirtualAuthenticator(
        in ACString protocol,
        in ACString transport,
        in bool hasResidentKey,
        in bool hasUserVerification,
        in bool isUserConsenting,
        in bool isUserVerified);

    // Removes a previously-added virtual authenticator, as identified by its
    // id. See
    // https://w3c.github.io/webauthn/#sctn-automation-remove-virtual-authenticator
    void removeVirtualAuthenticator(in uint64_t authenticatorId);

    // Adds a credential to a previously-added authenticator. See
    // https://w3c.github.io/webauthn/#sctn-automation-add-credential
    void addCredential(
        in uint64_t authenticatorId,
        in ACString credentialId,
        in bool isResidentCredential,
        in ACString rpId,
        in ACString privateKey,
        in ACString userHandle,
        in uint32_t signCount);

    // Gets all credentials that have been added to a virtual authenticator.
    // See https://w3c.github.io/webauthn/#sctn-automation-get-credentials
    Array<nsICredentialParameters> getCredentials(in uint64_t authenticatorId);

    // Removes a credential from a virtual authenticator. See
    // https://w3c.github.io/webauthn/#sctn-automation-remove-credential
    void removeCredential(in uint64_t authenticatorId, in ACString credentialId);

    // Removes all credentials from a virtual authenticator. See
    // https://w3c.github.io/webauthn/#sctn-automation-remove-all-credentials
    void removeAllCredentials(in uint64_t authenticatorId);

    // Sets the "isUserVerified" bit on a virtual authenticator. See
    // https://w3c.github.io/webauthn/#sctn-automation-set-user-verified
    void setUserVerified(in uint64_t authenticatorId, in bool isUserVerified);

    // about:webauthn-specific functions
    void listen();
    void runCommand(in ACString aCommand);
};