authentication-cannot-bypass-spc.https.html (1894B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>Test for the 'secure-payment-confirmation' payment method authentication - cannot authenticate via navigator.credentials.get directly</title> 4 <link rel="help" href="https://w3c.github.io/secure-payment-confirmation#client-extension-processing-authentication"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src="utils.sub.js"></script> 10 <script> 11 'use strict'; 12 13 promise_test(async t => { 14 const authenticator = await window.test_driver.add_virtual_authenticator( 15 AUTHENTICATOR_OPTS); 16 t.add_cleanup(() => { 17 return window.test_driver.remove_virtual_authenticator(authenticator); 18 }); 19 20 await window.test_driver.set_spc_transaction_mode("autoAccept"); 21 t.add_cleanup(() => { 22 return window.test_driver.set_spc_transaction_mode("none"); 23 }); 24 25 const credential = await createCredential(); 26 27 const challenge = 'server challenge'; 28 const payeeOrigin = 'https://merchant.com'; 29 const displayName = 'Troycard ***1234'; 30 const paymentInputs = { 31 isPayment: true, 32 rp: window.location.hostname, 33 topOrigin: window.location.origin, 34 payeeOrigin, 35 total: PAYMENT_DETAILS['total'], 36 instrument: { 37 displayName, 38 icon: ICON_URL, 39 }, 40 }; 41 const publicKey = { 42 allowCredentials: [ 43 { type: 'public-key', id: credential.rawId, transports: [ 'internal' ] }, 44 ], 45 challenge: Uint8Array.from(challenge, c => c.charCodeAt(0)), 46 timeout: 60000, 47 userVerification: 'required', 48 extensions: { 49 payment: paymentInputs, 50 }, 51 }; 52 53 return promise_rejects_dom(t, 'NotAllowedError', 54 navigator.credentials.get({publicKey})); 55 }, 'Cannot bypass SPC authentication UI via navigator.credentials.get'); 56 </script>