From 3161ff93b0e85edaa1939d79e1dc012d827d435c Mon Sep 17 00:00:00 2001
From: Adam Langley
Date: Tue, 11 Apr 2023 15:59:45 -0700
Subject: [PATCH] Include the "Easily accessing credential data" fields in JSON.

The WebAuthn API provides accessors to get the SPKI-formatted public key and authenticator data without needing to parse CBOR or handle COSE. However, the JSON structures, prior to this change, didn't include these values giving users an unfortunate choice: either use the accessors and do the JSON encoding yourself, or use the provided `toJSON` function. But we can have both!
---
 index.bs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/index.bs b/index.bs
index ddb847648..4fa943201 100644
--- a/index.bs
+++ b/index.bs
@@ -1617,8 +1617,21 @@ that are returned to the caller when a new credential is created, or a new asser
 
 dictionary AuthenticatorAttestationResponseJSON {
 required Base64URLString clientDataJSON;
- required Base64URLString attestationObject;
+ required Base64URLString authenticatorData;
+ required long long publicKeyAlgorithm;
 required sequence transports;
+
+ // This field is missing if pubKeyCredParams was used to negotiate
+ // a public-key algorithm that the user agent doesn't understand.
+ // (See section “Easily accessing credential data” for a list of
+ // which algorithms user agents must support.) If using such an
+ // algorithm then the public key must be parsed from
+ // attestationObject directly.
+ Base64URLString publicKey;
+
+ // This value contains copies of some of the fields above. See
+ // section “Easily accessing credential data”.
+ required Base64URLString attestationObject;
 };
 
 dictionary AuthenticationResponseJSON {
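Review bot: The comment above `attestationObject` says the new top-level fields are copies, but it does not say which copy a Relying Party should treat as authoritative if they disagree. When attestation is verified, the signature covers only the authenticator data carried inside `attestationObject`; the separate `authenticatorData`, `publicKey` and `publicKeyAlgorithm` members arrive in the same script-supplied JSON and are not bound to it. A server that verifies `attestationObject` but stores the key from `publicKey` could therefore register a key the authenticator never attested. I would extend the comment with something like `// Relying Parties that verify attestation must use the values inside attestationObject, or check that these copies match them.` It may also be worth a brief comment on `publicKeyAlgorithm` noting that it is still present when `publicKey` is omitted, so consumers do not assume the two always travel together.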