createcredential-clientdata.https.html (2030B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <title>WebAuthn navigator.credentials.create() clientData test</title> 4 <link rel="help" href="https://w3c.github.io/webauthn/#iface-credential"> 5 <script src="/resources/testharness.js"></script> 6 <script src="/resources/testharnessreport.js"></script> 7 <script src="/resources/testdriver.js"></script> 8 <script src="/resources/testdriver-vendor.js"></script> 9 <script src="helpers.js"></script> 10 <body></body> 11 <script> 12 standardSetup(function() { 13 "use strict"; 14 15 const options = { 16 rp: {name: "Acme"}, 17 user: {id: new Uint8Array(1), name: "name", displayName: ""}, 18 pubKeyCredParams: [{type: "public-key", alg: -7}], 19 attestation: "none", 20 challenge: new Uint8Array([0xff]), 21 }; 22 23 promise_test(async t => { 24 const cred = await navigator.credentials.create({publicKey: options}); 25 // WebAuthn specifies a precise, JSON-compatible serialization for the 26 // clientDataJSON. See 27 // https://www.w3.org/TR/webauthn-2/#clientdatajson-serialization 28 const expectedPrefix = 29 `{"type":"webauthn.create","challenge":"_w","origin":"`; 30 const clientData = new TextDecoder().decode(cred.response.clientDataJSON); 31 assert_true(clientData.startsWith(expectedPrefix), 32 "The clientData (" + clientData + 33 ") should have the prefix: " + expectedPrefix); 34 35 36 // Skip over the origin value by finding the closing quote. 37 const originEnd = clientData.indexOf('"', expectedPrefix.length); 38 assert_not_equals(originEnd, -1, "Should find the closing quote for origin"); 39 40 const expectedRemainder = `","crossOrigin":false`; 41 assert_true(clientData.substring(originEnd).startsWith(expectedRemainder), 42 "The clientData (" + clientData + 43 ") should have the following after the origin: " + 44 expectedRemainder); 45 }, "navigator.credentials.create() has valid clientData"); 46 }); 47 </script>