nsIWebAuthnArgs.idl (5340B)
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

// COSE algorithm identifier, carried as a signed integer (the WebAuthn IDL
// uses the same `long` typedef).
typedef long COSEAlgorithmIdentifier;

// Arguments of a WebAuthn registration request (the comments below refer to
// PublicKeyCredentialCreationOptions). Every attribute is readonly, so this
// interface only lets a consumer read the request.
//
// Many getters are [must_use]. For the extension inputs the return code of
// the getter is what signals presence (see the extensions comment below), so
// a caller has to check it; a failed getter means "not supplied", not "false"
// or "empty".
[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsIWebAuthnRegisterArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    // NOTE(review): challenge, clientDataJSON and clientDataHash are three
    // independent getters. In WebAuthn the hash is SHA-256 over the serialized
    // client data, which embeds the challenge; this interface does not show
    // where that relationship is established or checked. Confirm against the
    // implementation before relying on the three values being consistent.
    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // A PublicKeyCredentialRpEntity
    // NOTE(review): no check of rpId against origin is visible in this
    // interface; presumably it happens before these args are built. Confirm.
    readonly attribute AString rpId;
    [must_use] readonly attribute AString rpName;

    // A PublicKeyCredentialUserEntity
    [must_use] readonly attribute Array<octet> userId;
    [must_use] readonly attribute AString userName;
    [must_use] readonly attribute AString userDisplayName;

    // The spec defines this as a sequence<PublicKeyCredentialParameters>.
    // We require type = "public-key" and only serialize the alg fields.
    [must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    // NOTE(review): presumably excludeListTransports[i] describes
    // excludeList[i], one octet per credential. Nothing here enforces that the
    // two arrays have the same length, so a consumer should check that before
    // indexing them together. Confirm the octet encoding with the implementation.
    readonly attribute Array<Array<octet> > excludeList;
    readonly attribute Array<octet> excludeListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute AUTF8String credentialProtectionPolicy;
    [must_use] readonly attribute boolean enforceCredentialProtectionPolicy;
    [must_use] readonly attribute boolean credProps;
    [must_use] readonly attribute boolean hmacCreateSecret;
    [must_use] readonly attribute boolean minPinLength;
    [must_use] readonly attribute boolean prf;
    [must_use] readonly attribute Array<octet> prfEvalFirst;
    [must_use] readonly attribute Array<octet> prfEvalSecond;
    [must_use] readonly attribute boolean largeBlobSupportRequired;

    // Options.
    readonly attribute AString residentKey;
    readonly attribute AString userVerification;
    [must_use] readonly attribute AString authenticatorAttachment;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute uint32_t timeoutMS;

    // This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
    // We might overwrite the provided value with "none" if the user declines the
    // consent popup.
    [must_use] readonly attribute AString attestationConveyancePreference;

    readonly attribute Array<AString> hints;

    readonly attribute boolean privateBrowsing;
};

// Arguments of a WebAuthn assertion (sign) request. As with
// nsIWebAuthnRegisterArgs, every attribute is readonly and the [must_use]
// extension getters signal presence through their return code.
[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsIWebAuthnSignArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    // The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
    // NOTE(review): no check of rpId against origin is visible in this
    // interface; presumably it happens before these args are built. Confirm.
    readonly attribute AString rpId;

    // NOTE(review): challenge, clientDataJSON and clientDataHash are three
    // independent getters; this interface does not show where their mutual
    // consistency is established or checked. Confirm against the implementation.
    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    // NOTE(review): presumably allowListTransports[i] describes allowList[i].
    // Nothing here enforces equal lengths, so a consumer should check that
    // before indexing the two arrays together. Confirm.
    readonly attribute Array<Array<octet> > allowList;
    readonly attribute Array<octet> allowListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute boolean hmacCreateSecret;
    [must_use] readonly attribute AString appId;
    [must_use] readonly attribute boolean prf;
    [must_use] readonly attribute Array<octet> prfEvalFirst;
    [must_use] readonly attribute Array<octet> prfEvalSecond;
    // NOTE(review): the four prfEvalByCredential* arrays look like one list of
    // per-credential entries split into parallel arrays, with
    // prfEvalByCredentialEvalSecondMaybe[i] presumably saying whether
    // prfEvalByCredentialEvalSecond[i] is meaningful. The interface does not
    // guarantee equal lengths; a consumer should verify them before reading
    // entry i from each array. Confirm the layout with the implementation.
    [must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialCredentialId;
    [must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalFirst;
    [must_use] readonly attribute Array<boolean> prfEvalByCredentialEvalSecondMaybe;
    [must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalSecond;
    [must_use] readonly attribute boolean largeBlobRead;
    [must_use] readonly attribute Array<octet> largeBlobWrite;

    // Options
    [must_use] readonly attribute AString userVerification;

    // This is the WebAuthn PublicKeyCredentialRequestOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    // NOTE(review): declared `unsigned long` here but `uint32_t` in
    // nsIWebAuthnRegisterArgs; presumably the same 32-bit type in XPIDL.
    // Consider using one spelling in both interfaces.
    readonly attribute unsigned long timeoutMS;

    readonly attribute Array<AString> hints;

    readonly attribute boolean conditionallyMediated;

    readonly attribute boolean privateBrowsing;
};