OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 [JavaPackage="org.chromium.webauth.mojom"] | 5 [JavaPackage="org.chromium.webauth.mojom"] |
6 module webauth.mojom; | 6 module webauth.mojom; |
7 | 7 |
8 // This file describes the communication between the WebAuthentication renderer | 8 // This file describes the communication between the WebAuthentication renderer |
9 // implementation and browser-side implementations to create scoped credentials | 9 // implementation and browser-side implementations to create scoped credentials |
10 // and use already-created credentials to get assertions. | 10 // and use already-created credentials to get assertions. |
11 // See https://w3c.github.io/webauthn/. | 11 // See https://w3c.github.io/webauthn/. |
12 | 12 |
| 13 enum AuthenticatorStatus { |
| 14 SUCCESS, |
| 15 CANCELLED, |
| 16 UNKNOWN_ERROR, |
| 17 NOT_ALLOWED_ERROR, |
| 18 NOT_SUPPORTED_ERROR, |
| 19 SECURITY_ERROR, |
| 20 NOT_IMPLEMENTED, |
| 21 }; |
| 22 |
13 // The public key and attestation that is returned by an authenticator's | 23 // The public key and attestation that is returned by an authenticator's |
14 // call to makeCredential. | 24 // call to makeCredential. |
15 struct ScopedCredentialInfo { | 25 struct ScopedCredentialInfo { |
16 // A blob of data containing the JSON serialization of client data passed | 26 // A blob of data containing the JSON serialization of client data passed |
17 // to the authenticator. | 27 // to the authenticator. |
18 array<uint8> client_data; | 28 array<uint8> client_data; |
19 // A blob of data returned from the authenticator. | 29 // A blob of data returned from the authenticator. |
20 array<uint8> attestation; | 30 array<uint8> attestation; |
21 }; | 31 }; |
22 | 32 |
23 // Information about the relying party and the user account held by that | 33 // Information about the relying party and the user account held by that |
24 // relying party. This information is used by the authenticator to create | 34 // relying party. This information is used by the authenticator to create |
25 // or retrieve an appropriate scoped credential for this account. | 35 // or retrieve an appropriate scoped credential for this account. |
26 // These fields take arbitrary input. | 36 // These fields take arbitrary input. |
27 | |
28 struct RelyingPartyAccount { | 37 struct RelyingPartyAccount { |
29 // Friendly name of the Relying Party, e.g. "Acme Corporation" | 38 // Friendly name of the Relying Party, e.g. "Acme Corporation" |
30 string relying_party_display_name; | 39 string relying_party_display_name; |
31 // Friendly name associated with the user account, e.g. "John P. Smith" | 40 // Friendly name associated with the user account, e.g. "John P. Smith" |
32 string display_name; | 41 string display_name; |
33 // Identifier for the account, corresponding to no more than one credential | 42 // Identifier for the account, corresponding to no more than one credential |
34 // per authenticator and Relying Party. | 43 // per authenticator and Relying Party. |
35 string id; | 44 string id; |
36 // Detailed name for the account, e.g. john.p.smith@example.com | 45 // Detailed name for the account, e.g. john.p.smith@example.com |
37 string name; | 46 string? name; |
38 // User image, if any. | 47 // User image, if any. |
39 // Todo make this url.mojom.Url in a followup CL | 48 // TODO(kpaulhamus): make this url.mojom.Url in a followup CL |
40 string image_url; | 49 string? image_url; |
41 }; | 50 }; |
42 | 51 |
43 // Parameters that are used to generate an appropriate scoped credential. | 52 // Parameters that are used to generate an appropriate scoped credential. |
44 struct ScopedCredentialParameters { | 53 struct ScopedCredentialParameters { |
45 ScopedCredentialType type; | 54 ScopedCredentialType type; |
46 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; | 55 // TODO(kpaulhamus): add AlgorithmIdentifier algorithm; |
47 }; | 56 }; |
48 | 57 |
49 // Optional parameters that are used during makeCredential. | 58 // Optional parameters that are used during makeCredential. |
50 struct ScopedCredentialOptions { | 59 struct ScopedCredentialOptions { |
51 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL | 60 //TODO(kpaulhamus): Make this mojo.common.mojom.TimeDelta in followup CL |
52 int32 timeout_seconds; | 61 double adjusted_timeout; |
53 string relying_party_id; | 62 string? relying_party_id; |
54 array<ScopedCredentialDescriptor> exclude_list; | 63 array<ScopedCredentialDescriptor> exclude_list; |
55 // TODO(kpaulhamus): add Extensions | 64 // TODO(kpaulhamus): add Extensions |
56 }; | 65 }; |
57 | 66 |
58 enum ScopedCredentialType { | 67 enum ScopedCredentialType { |
59 SCOPEDCRED, | 68 SCOPEDCRED, |
60 }; | 69 }; |
61 | 70 |
62 // Describes the credentials that the relying party already knows about for | 71 // Describes the credentials that the relying party already knows about for |
63 // the given account. If any of these are known to the authenticator, | 72 // the given account. If any of these are known to the authenticator, |
(...skipping 13 matching lines...) Expand all Loading... |
77 }; | 86 }; |
78 | 87 |
79 // Interface to direct authenticators to create or use a scoped credential. | 88 // Interface to direct authenticators to create or use a scoped credential. |
80 interface Authenticator { | 89 interface Authenticator { |
81 // Gets the credential info for a new credential created by an authenticator | 90 // Gets the credential info for a new credential created by an authenticator |
82 // for the given relying party and account. | 91 // for the given relying party and account. |
83 // |attestation_challenge| is a blob passed from the relying party server. | 92 // |attestation_challenge| is a blob passed from the relying party server. |
84 MakeCredential(RelyingPartyAccount account_information, | 93 MakeCredential(RelyingPartyAccount account_information, |
85 array<ScopedCredentialParameters> crypto_parameters, | 94 array<ScopedCredentialParameters> crypto_parameters, |
86 array<uint8> attestation_challenge, | 95 array<uint8> attestation_challenge, |
87 ScopedCredentialOptions? options) | 96 ScopedCredentialOptions options) |
88 => (array<ScopedCredentialInfo> scoped_credentials); | 97 => (AuthenticatorStatus status, |
| 98 ScopedCredentialInfo? scoped_credential); |
89 }; | 99 }; |
OLD | NEW |