commit 6a03e48f5062746113d7f8f3c021732057bd4278
parent 9ebbf095db508deaf82885c404436a5c3c37babf
Author: John M. Schanck <jschanck@mozilla.com>
Date: Tue, 28 Oct 2025 15:27:38 +0000
Bug 1996387 - webauthn webidl cleanup. r=keeler,webidl,smaug
Differential Revision: https://phabricator.services.mozilla.com/D270066
Diffstat:
1 file changed, 82 insertions(+), 116 deletions(-)
diff --git a/dom/webidl/WebAuthentication.webidl b/dom/webidl/WebAuthentication.webidl
@@ -24,7 +24,7 @@ typedef DOMString Base64URLString;
[GenerateConversionToJS]
dictionary RegistrationResponseJSON {
- required Base64URLString id;
+ required DOMString id;
required Base64URLString rawId;
required AuthenticatorAttestationResponseJSON response;
DOMString authenticatorAttachment;
@@ -52,7 +52,7 @@ dictionary AuthenticatorAttestationResponseJSON {
[GenerateConversionToJS]
dictionary AuthenticationResponseJSON {
- required Base64URLString id;
+ required DOMString id;
required Base64URLString rawId;
required AuthenticatorAssertionResponseJSON response;
DOMString authenticatorAttachment;
@@ -66,7 +66,6 @@ dictionary AuthenticatorAssertionResponseJSON {
required Base64URLString authenticatorData;
required Base64URLString signature;
Base64URLString userHandle;
- Base64URLString attestationObject;
};
[GenerateConversionToJS]
@@ -80,17 +79,16 @@ partial interface PublicKeyCredential {
[SecureContext]
partial interface PublicKeyCredential {
- [Throws, Pref="security.webauthn.enable_json_serialization_methods"] static PublicKeyCredentialCreationOptions parseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON options);
+ [Throws] static Promise<PublicKeyCredentialClientCapabilities> getClientCapabilities();
};
-// https://w3c.github.io/webauthn/#sctn-getClientCapabilities
+typedef record<DOMString, boolean> PublicKeyCredentialClientCapabilities;
+
[SecureContext]
partial interface PublicKeyCredential {
- [Throws] static Promise<PublicKeyCredentialClientCapabilities> getClientCapabilities();
+ [Throws, Pref="security.webauthn.enable_json_serialization_methods"] static PublicKeyCredentialCreationOptions parseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON options);
};
-typedef record<DOMString, boolean> PublicKeyCredentialClientCapabilities;
-
dictionary PublicKeyCredentialCreationOptionsJSON {
required PublicKeyCredentialRpEntity rp;
required PublicKeyCredentialUserEntityJSON user;
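Review bot: The spec reference for `getClientCapabilities()` is dropped (the removed `// https://w3c.github.io/webauthn/#sctn-getClientCapabilities` line) and nothing replaces it, so the moved method no longer says which spec section it tracks. The same happens in the hunk at `@@ -290,65 +275,54 @@`, where the `// prf` and `// largeBlob` headers and their spec links are removed while credProtect, hmac-secret and minPinLength keep theirs. Since this file is reviewed against the spec, I would keep one anchor per extension, e.g. `// https://w3c.github.io/webauthn/#prf-extension` above `AuthenticationExtensionsPRFValues`. The `PublicKeyCredentialCreationOptionsJSON` dictionary at the end of this hunk continues outside it.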
@@ -112,8 +110,8 @@ dictionary PublicKeyCredentialUserEntityJSON {
};
dictionary PublicKeyCredentialDescriptorJSON {
- required Base64URLString id;
required DOMString type;
+ required Base64URLString id;
sequence<DOMString> transports;
};
@@ -132,8 +130,6 @@ dictionary PublicKeyCredentialRequestOptionsJSON {
sequence<PublicKeyCredentialDescriptorJSON> allowCredentials = [];
DOMString userVerification = "preferred";
sequence<DOMString> hints = [];
- DOMString attestation = "none";
- sequence<DOMString> attestationFormats = [];
AuthenticationExtensionsClientInputsJSON extensions;
};
@@ -162,16 +158,16 @@ interface AuthenticatorAssertionResponse : AuthenticatorResponse {
};
dictionary PublicKeyCredentialParameters {
- required DOMString type;
- required COSEAlgorithmIdentifier alg;
+ required DOMString type;
+ required COSEAlgorithmIdentifier alg;
};
dictionary PublicKeyCredentialCreationOptions {
- required PublicKeyCredentialRpEntity rp;
- required PublicKeyCredentialUserEntity user;
+ required PublicKeyCredentialRpEntity rp;
+ required PublicKeyCredentialUserEntity user;
- required BufferSource challenge;
- required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
+ required BufferSource challenge;
+ required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
unsigned long timeout;
sequence<PublicKeyCredentialDescriptor> excludeCredentials = [];
@@ -206,7 +202,7 @@ dictionary AuthenticatorSelectionCriteria {
dictionary PublicKeyCredentialRequestOptions {
required BufferSource challenge;
unsigned long timeout;
- USVString rpId;
+ DOMString rpId;
sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
DOMString userVerification = "preferred";
sequence<DOMString> hints = [];
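Review bot: Changing `rpId` from `USVString` to `DOMString` means the bindings no longer replace unpaired surrogates with U+FFFD, so the raw UTF-16 string now reaches whatever validates the RP ID and computes its hash. That code is not in this diff, so I can't confirm it handles such input. The same type change is made for `appid` in both the inputs and JSON inputs dictionaries, and for the `evalByCredential` record keys, in later hunks. Presumably this matches the current spec IDL, but it would help to state the expectation next to the member, e.g. `// DOMString per spec; may contain unpaired surrogates, consumers must validate before use`, and to cover a lone-surrogate `rpId` in the tests. The `PublicKeyCredentialRequestOptions` dictionary continues outside the hunk.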
@@ -252,33 +248,22 @@ typedef sequence<AAGUID> AuthenticatorSelectionList;
typedef BufferSource AAGUID;
partial dictionary AuthenticationExtensionsClientInputs {
- USVString appid;
-};
-
-partial dictionary AuthenticationExtensionsClientOutputs {
- boolean appid;
+ DOMString appid;
};
-
-// The spec does not define any partial dictionaries that modify
-// AuthenticationExtensionsClientInputsJSON, but this seems to be an error. All changes to
-// AuthenticationExtensionsClientInputs must be accompanied by changes to
-// AuthenticationExtensionsClientInputsJSON for parseCreationOptionsFromJSON and
-// parseRequestOptionsFromJSON to function correctly.
-// (see: https://github.com/w3c/webauthn/issues/1968).
partial dictionary AuthenticationExtensionsClientInputsJSON {
- USVString appid;
+ DOMString appid;
};
-// We also deviate from the spec by mirroring changes to AuthenticationExtensionsClientOutputs in
-// AuthenticationExtensionsClientOutputsJSON.
+partial dictionary AuthenticationExtensionsClientOutputs {
+ boolean appid;
+};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
- boolean appid;
+ boolean appid;
};
partial dictionary AuthenticationExtensionsClientInputs {
boolean credProps;
};
-
partial dictionary AuthenticationExtensionsClientInputsJSON {
boolean credProps;
};
@@ -290,65 +275,54 @@ dictionary CredentialPropertiesOutput {
partial dictionary AuthenticationExtensionsClientOutputs {
CredentialPropertiesOutput credProps;
};
-
partial dictionary AuthenticationExtensionsClientOutputsJSON {
CredentialPropertiesOutput credProps;
};
-/*
- * CTAP2 Extensions
- * <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-defined-extensions>
- */
+dictionary AuthenticationExtensionsPRFValues {
+ required BufferSource first;
+ BufferSource second;
+};
+dictionary AuthenticationExtensionsPRFValuesJSON {
+ required Base64URLString first;
+ Base64URLString second;
+};
-// credProtect
-// <https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-credProtect-extension>
-enum CredentialProtectionPolicy {
- "userVerificationOptional",
- "userVerificationOptionalWithCredentialIDList",
- "userVerificationRequired",
+dictionary AuthenticationExtensionsPRFInputs {
+ AuthenticationExtensionsPRFValues eval;
+ record<DOMString, AuthenticationExtensionsPRFValues> evalByCredential;
+};
+dictionary AuthenticationExtensionsPRFInputsJSON {
+ AuthenticationExtensionsPRFValuesJSON eval;
+ record<DOMString, AuthenticationExtensionsPRFValuesJSON> evalByCredential;
};
partial dictionary AuthenticationExtensionsClientInputs {
- CredentialProtectionPolicy credentialProtectionPolicy;
- // The specification includes a default `= false` value for
- // enforceCredentialProtectionPolicy. We omit it here to distinguish between
- // three logical cases: the extension was not sent, the extension was sent
- // with value false, the extension was sent with value true.
- boolean enforceCredentialProtectionPolicy;
+ AuthenticationExtensionsPRFInputs prf;
};
-
partial dictionary AuthenticationExtensionsClientInputsJSON {
- CredentialProtectionPolicy credentialProtectionPolicy;
- boolean enforceCredentialProtectionPolicy;
+ AuthenticationExtensionsPRFInputsJSON prf;
};
-// hmac-secret
-// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-hmac-secret-extension>
-// note: we don't support hmac-secret in get() (see instead the prf extension)
-// so we only define the create() inputs and outputs here.
-
-partial dictionary AuthenticationExtensionsClientInputs {
- boolean hmacCreateSecret;
+dictionary AuthenticationExtensionsPRFOutputs {
+ boolean enabled;
+ AuthenticationExtensionsPRFValues results;
};
-
-partial dictionary AuthenticationExtensionsClientOutputs {
- boolean hmacCreateSecret;
+dictionary AuthenticationExtensionsPRFOutputsJSON {
+ boolean enabled;
+ AuthenticationExtensionsPRFValuesJSON results;
};
-partial dictionary AuthenticationExtensionsClientInputsJSON {
- boolean hmacCreateSecret;
+partial dictionary AuthenticationExtensionsClientOutputs {
+ AuthenticationExtensionsPRFOutputs prf;
};
-
partial dictionary AuthenticationExtensionsClientOutputsJSON {
- boolean hmacCreateSecret;
+ AuthenticationExtensionsPRFOutputsJSON prf;
};
-// largeBlob
-// <https://w3c.github.io/webauthn/#sctn-large-blob-extension>
partial dictionary AuthenticationExtensionsClientInputs {
AuthenticationExtensionsLargeBlobInputs largeBlob;
};
-
partial dictionary AuthenticationExtensionsClientInputsJSON {
AuthenticationExtensionsLargeBlobInputsJSON largeBlob;
};
@@ -358,7 +332,6 @@ dictionary AuthenticationExtensionsLargeBlobInputs {
boolean read;
BufferSource write;
};
-
dictionary AuthenticationExtensionsLargeBlobInputsJSON {
DOMString support;
boolean read;
@@ -368,7 +341,6 @@ dictionary AuthenticationExtensionsLargeBlobInputsJSON {
partial dictionary AuthenticationExtensionsClientOutputs {
AuthenticationExtensionsLargeBlobOutputs largeBlob;
};
-
partial dictionary AuthenticationExtensionsClientOutputsJSON {
AuthenticationExtensionsLargeBlobOutputsJSON largeBlob;
};
@@ -378,68 +350,62 @@ dictionary AuthenticationExtensionsLargeBlobOutputs {
ArrayBuffer blob;
boolean written;
};
-
dictionary AuthenticationExtensionsLargeBlobOutputsJSON {
boolean supported;
Base64URLString blob;
boolean written;
};
-// minPinLength
-// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-minpinlength-extension>
+/*
+ * CTAP2 Extensions
+ * <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-defined-extensions>
+ */
+
+// credProtect
+// <https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html#sctn-credProtect-extension>
+enum CredentialProtectionPolicy {
+ "userVerificationOptional",
+ "userVerificationOptionalWithCredentialIDList",
+ "userVerificationRequired",
+};
partial dictionary AuthenticationExtensionsClientInputs {
- boolean minPinLength;
+ CredentialProtectionPolicy credentialProtectionPolicy;
+ // The specification includes a default `= false` value for
+ // enforceCredentialProtectionPolicy. We omit it here to distinguish between
+ // three logical cases: the extension was not sent, the extension was sent
+ // with value false, the extension was sent with value true.
+ boolean enforceCredentialProtectionPolicy;
};
-
partial dictionary AuthenticationExtensionsClientInputsJSON {
- boolean minPinLength;
+ CredentialProtectionPolicy credentialProtectionPolicy;
+ boolean enforceCredentialProtectionPolicy;
};
-
-// prf
-// <https://w3c.github.io/webauthn/#prf-extension>
-dictionary AuthenticationExtensionsPRFValues {
- required BufferSource first;
- BufferSource second;
+// hmac-secret
+// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-hmac-secret-extension>
+// note: we don't support hmac-secret in get() (see instead the prf extension)
+// so we only define the create() inputs and outputs here.
+partial dictionary AuthenticationExtensionsClientInputs {
+ boolean hmacCreateSecret;
};
-
-dictionary AuthenticationExtensionsPRFValuesJSON {
- required Base64URLString first;
- Base64URLString second;
+partial dictionary AuthenticationExtensionsClientInputsJSON {
+ boolean hmacCreateSecret;
};
-dictionary AuthenticationExtensionsPRFInputs {
- AuthenticationExtensionsPRFValues eval;
- record<USVString, AuthenticationExtensionsPRFValues> evalByCredential;
+partial dictionary AuthenticationExtensionsClientOutputs {
+ boolean hmacCreateSecret;
};
-
-dictionary AuthenticationExtensionsPRFInputsJSON {
- AuthenticationExtensionsPRFValuesJSON eval;
- record<USVString, AuthenticationExtensionsPRFValuesJSON> evalByCredential;
+partial dictionary AuthenticationExtensionsClientOutputsJSON {
+ boolean hmacCreateSecret;
};
+// minPinLength
+// <https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-errata-20220621.html#sctn-minpinlength-extension>
partial dictionary AuthenticationExtensionsClientInputs {
- AuthenticationExtensionsPRFInputs prf;
+ boolean minPinLength;
};
-
partial dictionary AuthenticationExtensionsClientInputsJSON {
- AuthenticationExtensionsPRFInputsJSON prf;
-};
-
-dictionary AuthenticationExtensionsPRFOutputs {
- boolean enabled;
- AuthenticationExtensionsPRFValues results;
-};
-
-dictionary AuthenticationExtensionsPRFOutputsJSON {
- boolean enabled;
- AuthenticationExtensionsPRFValuesJSON results;
+ boolean minPinLength;
};
-partial dictionary AuthenticationExtensionsClientOutputs {
- AuthenticationExtensionsPRFOutputs prf;
-};
-partial dictionary AuthenticationExtensionsClientOutputsJSON {
- AuthenticationExtensionsPRFOutputsJSON prf;
-};