gecko-dev/dom/webauthn/nsIWebAuthnArgs.idl

/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsISupports.idl"

typedef long COSEAlgorithmIdentifier;

[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsIWebAuthnRegisterArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // A PublicKeyCredentialRpEntity
    readonly attribute AString rpId;
    [must_use] readonly attribute AString rpName;

    // A PublicKeyCredentialUserEntity
    [must_use] readonly attribute Array<octet> userId;
    [must_use] readonly attribute AString userName;
    [must_use] readonly attribute AString userDisplayName;

    // The spec defines this as a sequence<PublicKeyCredentialParameters>.
    // We require type = "public-key" and only serialize the alg fields.
    [must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    readonly attribute Array<Array<octet> > excludeList;
    readonly attribute Array<octet> excludeListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute bool credProps;
    [must_use] readonly attribute bool hmacCreateSecret;
    [must_use] readonly attribute bool minPinLength;

    // Options.
    readonly attribute AString residentKey;
    readonly attribute AString userVerification;
    [must_use] readonly attribute AString authenticatorAttachment;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute uint32_t timeoutMS;

    // This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
    // We might overwrite the provided value with "none" if the user declines the
    // consent popup.
    [must_use] readonly attribute AString attestationConveyancePreference;
};

[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsIWebAuthnSignArgs : nsISupports {
    // TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
    readonly attribute AString origin;

    // The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
    readonly attribute AString rpId;

    readonly attribute Array<octet> challenge;

    readonly attribute ACString clientDataJSON;

    readonly attribute Array<octet> clientDataHash;

    // The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
    // we use separate arrays for the credential IDs and transports.
    readonly attribute Array<Array<octet> > allowList;
    readonly attribute Array<octet> allowListTransports;

    // CTAP2 passes extensions in a CBOR map of extension identifier ->
    // WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
    // So we define a getter for each supported extension input and use the
    // return code to signal presence.
    [must_use] readonly attribute bool hmacCreateSecret;
    [must_use] readonly attribute AString appId;

    // Options
    [must_use] readonly attribute AString userVerification;

    // This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
    // Arguably we don't need to pass it through since WebAuthnController can
    // cancel transactions.
    readonly attribute unsigned long timeoutMS;

    readonly attribute bool conditionallyMediated;
};