| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 [JavaPackage="org.chromium.webauth.mojom"] |
| 6 module webauth.mojom; |
| 7 |
| 8 // This file describes the communication between the WebAuthentication renderer |
| 9 // implementation and browser-side implementations to create scoped credentials |
| 10 // and use already-created credentials to get assertions. |
| 11 // See https://w3c.github.io/webauthn/. |
| 12 |
| 13 // The public key and attestation that is returned by an authenticator's |
| 14 // call to makeCredential. |
| 15 struct ScopedCredentialInfo { |
| 16 // A blob of data containing the JSON serialization of client data passed |
| 17 // to the authenticator. |
| 18 array<uint8> client_data; |
| 19 // A blob of data returned from the authenticator. |
| 20 array<uint8> attestation; |
| 21 }; |
| 22 |
| 23 // Information about the relying party and the user account held by that |
| 24 // relying party. This information is used by the authenticator to create |
| 25 // or retrieve an appropriate scoped credential for this account. |
| 26 // These fields take arbitrary input. |
| 27 |
| 28 struct RelyingPartyAccount { |
| 29 // Friendly name of the Relying Party, e.g. "Acme Corporation" |
| 30 string relying_party_display_name; |
| 31 // Friendly name associated with the user account, e.g. "John P. Smith" |
| 32 string display_name; |
| 33 // Identifier for the account, corresponding to no more than one credential |
| 34 // per authenticator and Relying Party. |
| 35 string id; |
| 36 // Detailed name for the account, e.g. john.p.smith@example.com |
| 37 string name; |
| 38 // User image, if any. |
| 39 // Todo make this url.mojom.Url in a followup CL |
| 40 string image_url; |
| 41 }; |
| 42 |
| 43 // Parameters that are used to generate an appropriate scoped credential. |
| 44 struct ScopedCredentialParameters { |
| 45 ScopedCredentialType type; |
| 46 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; |
| 47 }; |
| 48 |
| 49 // Optional parameters that are used during makeCredential. |
| 50 struct ScopedCredentialOptions { |
| 51 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL |
| 52 int32 timeout_seconds; |
| 53 string relying_party_id; |
| 54 array<ScopedCredentialDescriptor> exclude_list; |
| 55 // TODO(kpaulhamus): add Extensions |
| 56 }; |
| 57 |
| 58 enum ScopedCredentialType { |
| 59 SCOPEDCRED, |
| 60 }; |
| 61 |
| 62 // Describes the credentials that the relying party already knows about for |
| 63 // the given account. If any of these are known to the authenticator, |
| 64 // it should not create a new credential. |
| 65 struct ScopedCredentialDescriptor { |
| 66 ScopedCredentialType type; |
| 67 // Blob representing a credential key handle. Up to 255 bytes for |
| 68 // U2F authenticators. |
| 69 array<uint8> id; |
| 70 array<Transport> transports; |
| 71 }; |
| 72 |
| 73 enum Transport { |
| 74 USB, |
| 75 NFC, |
| 76 BLE, |
| 77 }; |
| 78 |
| 79 // Interface to direct authenticators to create or use a scoped credential. |
| 80 interface Authenticator { |
| 81 // Gets the credential info for a new credential created by an authenticator |
| 82 // for the given relying party and account. |
| 83 // |attestation_challenge| is a blob passed from the relying party server. |
| 84 MakeCredential(RelyingPartyAccount account_information, |
| 85 array<ScopedCredentialParameters> crypto_parameters, |
| 86 array<uint8> attestation_challenge, |
| 87 ScopedCredentialOptions? options) |
| 88 => (array<ScopedCredentialInfo> scoped_credentials); |
| 89 }; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2702653002:
Patch #1 of multiple. Add webauth .mojom and initial usage of makeCredential. (Closed)
