summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/secure-payment-confirmation/resources/iframe-authenticate.html
blob: 828e81f60d79abb341779dacc10030521b825dc8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
<!DOCTYPE html>
<meta charset="utf-8">
<title>SPC Authentication iframe</title>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src="../utils.sub.js"></script>
<script>
'use strict';

// Setup the listener first, to avoid race conditions.
window.addEventListener('message', async function handler(evt) {
  window.removeEventListener('message', handler);

  const credentialId = evt.data[0];
  const rpId = evt.data[1];

  // Assume that our parent has already created a virtual authenticator device
  // and set the SPC transaction mode.
  const challenge = 'server challenge';
  const payeeOrigin = 'https://merchant.com';
  const displayName = 'Troycard ***1234';

  try {
    const request = new PaymentRequest([{
      supportedMethods: 'secure-payment-confirmation',
      data: {
        credentialIds: [credentialId],
        challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)),
        payeeOrigin,
        rpId,
        timeout: 60000,
        instrument: {
          displayName,
          icon: ICON_URL,
        },
      }
    }], PAYMENT_DETAILS);

    test_driver.set_test_context(window.parent);
    await test_driver.bless('user activation');
    const responsePromise = request.show();

    const response = await responsePromise;
    await response.complete('success');

    const cred = response.details;

    // Let our parent know the results. Some WebAuthn fields cannot be cloned, so
    // we have to do some teardown ourselves.
    const clientDataJSON = JSON.parse(arrayBufferToString(cred.response.clientDataJSON))
    window.parent.postMessage({ type: 'spc_result', id: cred.id, clientDataJSON }, '*');
  } catch (e) {
    window.parent.postMessage({ type: 'spc_result', error: e }, '*');
  }
});

// Now let our parent know that we are ready to receive the credential ID.
window.parent.postMessage({ type: 'loaded' }, '*');
</script>