Remove ScopedCredentialParameters tuple (by unpairing type & algorithm) #143
Closed
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -279,7 +279,8 @@ The API is defined by the following Web IDL fragment. | |
interface WebAuthentication { | ||
Promise < ScopedCredentialInfo > makeCredential ( | ||
Account accountInformation, | ||
sequence < ScopedCredentialParameters > cryptoParameters, | ||
sequence < CredentialType > supportedTypes, | ||
sequence < AlgorithmIdentifier > supportedAlgorithms, | ||
BufferSource attestationChallenge, | ||
optional unsigned long credentialTimeoutSeconds, | ||
optional sequence < Credential > blacklist, | ||
|
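Review bot: Splitting `cryptoParameters` into `supportedTypes` and `supportedAlgorithms` in the `makeCredential` signature drops the per-entry binding between a type and its algorithm, so a caller can no longer say that a given algorithm is acceptable only for one credential type. If every type/algorithm combination is meant to be acceptable, state that next to the IDL; otherwise keep a paired form. The extra argument also shifts the position of `attestationChallenge` and everything after it, which breaks existing positional callers and deserves a mention in the change description.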
@@ -308,11 +309,6 @@ The API is defined by the following Web IDL fragment. | |
DOMString imageURL; | ||
}; | ||
|
||
dictionary ScopedCredentialParameters { | ||
required CredentialType type; | ||
required AlgorithmIdentifier algorithm; | ||
}; | ||
|
||
interface WebAuthnAssertion { | ||
readonly attribute Credential credential; | ||
readonly attribute ArrayBuffer clientData; | ||
|
@@ -357,8 +353,8 @@ This method takes the following parameters: | |
- The <dfn>accountInformation</dfn> parameter specifies information about the user account for which the credential is being | ||
created. This is meant for later use by the authenticator when it needs to prompt the user to select a credential. | ||
|
||
- The <dfn>cryptoParameters</dfn> parameter supplies information about the desired properties of the credential to be created. | ||
The sequence is ordered from most preferred to least preferred. The platform makes a best effort to create the most | ||
- The <dfn>supportedAlgorithms</dfn> and <dfn>supportedTypes</dfn> parameters supply information about the desired properties of the credential to be created. | ||
The sequence is ordered from most preferred to least preferred. The platform makes a best effort to create the most logical and | ||
preferred credential that it can. | ||
|
||
- The <dfn>attestationChallenge</dfn> parameter contains a challenge intended to be used for generating the attestation | ||
|
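Review bot: "The sequence is ordered from most preferred to least preferred" is still singular, but the sentence now describes two sequences, and nothing says which ordering wins when the preferred type and the preferred algorithm conflict. Suggest "Each sequence is ordered from most preferred to least preferred" plus one sentence on precedence, and either define "most logical" or drop it, since it gives an implementer no testable criterion.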
@@ -392,15 +388,12 @@ When this method is invoked, the user agent MUST execute the following algorithm | |
|
||
4. Initialize |issuedRequests| to an empty list. | ||
|
||
5. Process each element of <a>cryptoParameters</a> using the following steps, to produce a new sequence `normalizedParameters`: | ||
- Let |current| be the currently selected element of <a>cryptoParameters</a>. | ||
- If `current.type` does not contain a {{CredentialType}} supported by this implementation, then stop processing |current| | ||
and move on to the next element in <a>cryptoParameters</a>. | ||
5. Process each element of <a>supportedAlgorithms</a> using the following steps, to produce a new sequence `normalizedAlgorithms`: | ||
- Let |currentAlgorithm| be the currently selected element of <a>supportedAlgorithms</a>. | ||
- Let `normalizedAlgorithm` be the result of normalizing an algorithm using the procedure defined in [[!WebCryptoAPI]], | ||
Why is the step at lines 397 & 398 deleted? Is it not possible for an RP to request making a credential of a type that the underlying webauthn implementation does not support? |
||
with |alg| set to `current.algorithm` and |op| set to 'generateKey'. If an error occurs during this procedure, then | ||
stop processing |current| and move on to the next element in <a>cryptoParameters</a>. | ||
- Add a new object of type {{ScopedCredentialParameters}} to `normalizedParameters`, with |type| set to `current.type` and | ||
|algorithm| set to `normalizedAlgorithm`. | ||
with |alg| set to `currentAlgorithm` and |op| set to 'generateKey'. If an error occurs during this procedure, then | ||
stop processing |currentAlgorithm| and move on to the next element in <a>supportedAlgorithms</a>. | ||
- Add `normalizedAlgorithm` to `normalizedAlgorithms`. | ||
|
||
6. If <a>blacklist</a> is undefined, set it to the empty list. | ||
|
||
|
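Review bot: Step 5 now only normalizes `supportedAlgorithms`; the removed sub-step that skipped an element when `current.type` is not a {{CredentialType}} supported by this implementation has no counterpart for `supportedTypes`, so unsupported types pass through unchecked. Add a parallel step that filters `supportedTypes` into a normalized list, and say what happens when either resulting list is empty, because the visible steps go straight on to the blacklist default in step 6.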
@@ -409,7 +402,7 @@ When this method is invoked, the user agent MUST execute the following algorithm | |
|
||
8. For each authenticator currently available on this platform: asynchronously invoke the | ||
<a>authenticatorMakeCredential</a> operation on that authenticator with |callerOrigin|, |rpId|, <a>accountInformation</a>, | ||
`normalizedParameters`, <a>blacklist</a>, <a>attestationChallenge</a> and |clientExtensions| as parameters. Add a | ||
<a>supportedTypes</a>, `normalizedAlgorithms`, <a>blacklist</a>, <a>attestationChallenge</a> and |clientExtensions| as parameters. Add a | ||
corresponding entry to |issuedRequests|. | ||
|
||
9. While |issuedRequests| is not empty, perform the following actions depending upon the |adjustedTimeout| timer and responses | ||
|
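Review bot: Step 8 passes <a>supportedTypes</a> exactly as the caller supplied it, next to the normalized `normalizedAlgorithms`, so the authenticator receives one validated list and one unvalidated one. Pass a filtered type list here instead, and confirm that the definition of <a>authenticatorMakeCredential</a> is updated to take two parameters in place of `normalizedParameters`; none of the hunks shown here touches that definition.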
@@ -537,18 +530,6 @@ authorizing an authenticator with which to complete the operation. | |
</div> | ||
|
||
|
||
## Parameters for Credential Generation (dictionary <dfn dictionary>ScopedCredentialParameters</dfn>) ## {#credential-params} | ||
|
||
<div dfn-for="ScopedCredentialParameters"> | ||
This dictionary is used to supply additional parameters when creating a new credential. | ||
|
||
The <dfn>type</dfn> member specifies the type of credential to be created. | ||
|
||
The <dfn>algorithm</dfn> member specifies the cryptographic algorithm with which the newly generated credential will be | ||
used. | ||
</div> | ||
|
||
|
||
## WebAuthn Assertion (interface <dfn interface>WebAuthnAssertion</dfn>) ## {#iface-assertion} | ||
|
||
Scoped credentials produce a cryptographic signature that provides proof of possession of a private key as well as evidence of | ||
|
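Review bot: Deleting the `ScopedCredentialParameters` section removes the only prose definitions of `type` and `algorithm` along with the `#credential-params` anchor, and the replacement text for `supportedTypes` and `supportedAlgorithms` in the parameter list does not restate them. Move the two definitions into the `makeCredential` parameter descriptions, and check the rest of the document for remaining links to `#credential-params` or {{ScopedCredentialParameters}}.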
What is meant by "most logical" in regards to a credential and its associated key pair?