From 3161ff93b0e85edaa1939d79e1dc012d827d435c Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 11 Apr 2023 15:59:45 -0700 Subject: [PATCH 1/4] Include the "Easily accessing credential data" fields in JSON. The WebAuthn API provides accessors to get the SPKI-formatted public key and authenticator data without needing to parse CBOR or handle COSE. However, the JSON structures, prior to this change, didn't include these values giving users an unfortunate choice: either use the accessors and do the JSON encoding yourself, or use the provided `toJSON` function. But we can have both! --- index.bs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/index.bs b/index.bs index ddb847648..4fa943201 100644 --- a/index.bs +++ b/index.bs @@ -1617,8 +1617,21 @@ that are returned to the caller when a new credential is created, or a new asser dictionary AuthenticatorAttestationResponseJSON { required Base64URLString clientDataJSON; - required Base64URLString attestationObject; + required Base64URLString authenticatorData; + required long long publicKeyAlgorithm; required sequence transports; + + // This field is missing if pubKeyCredParams was used to negotiate + // a public-key algorithm that the user agent doesn't understand. + // (See section “Easily accessing credential data” for a list of + // which algorithms user agents must support.) If using such an + // algorithm then the public key must be parsed from + // attestationObject directly. + Base64URLString publicKey; + + // This value contains copies of some of the fields above. See + // section “Easily accessing credential data”. + required Base64URLString attestationObject; }; dictionary AuthenticationResponseJSON { From 6ea51efeb5519b00daf4276f55fbb712152a1d12 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Mon, 8 May 2023 12:54:48 -0700 Subject: [PATCH 2/4] Update in light of Matt's comments. --- index.bs | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) 
diff --git a/index.bs b/index.bs index 4fa943201..7e53dc743 100644 --- a/index.bs +++ b/index.bs @@ -1618,17 +1618,15 @@ that are returned to the caller when a new credential is created, or a new asser dictionary AuthenticatorAttestationResponseJSON { required Base64URLString clientDataJSON; required Base64URLString authenticatorData; - required long long publicKeyAlgorithm; required sequence transports; - - // This field is missing if pubKeyCredParams was used to negotiate - // a public-key algorithm that the user agent doesn't understand. - // (See section “Easily accessing credential data” for a list of - // which algorithms user agents must support.) If using such an - // algorithm then the public key must be parsed from - // attestationObject directly. + // The publicKey field will be missing if pubKeyCredParams was used to + // negotiate a public-key algorithm that the user agent doesn't + // understand. (See section “Easily accessing credential data” for a + // list of which algorithms user agents must support.) If using such an + // algorithm then the public key must be parsed from attestationObject + // directly. Base64URLString publicKey; - + required long long publicKeyAlgorithm; // This value contains copies of some of the fields above. See // section “Easily accessing credential data”. required Base64URLString attestationObject; From 0a7a05d3e9648c2f59184a80fd0b32aac78ecfa6 Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Tue, 16 May 2023 13:53:33 -0700 Subject: [PATCH 3/4] Use spaces, not tabs, to match up --- index.bs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/index.bs b/index.bs index 7e53dc743..30deb92c2 100644 --- a/index.bs +++ b/index.bs 
@@ -1619,12 +1619,12 @@ that are returned to the caller when a new credential is created, or a new asser required Base64URLString clientDataJSON; required Base64URLString authenticatorData; required sequence transports; - // The publicKey field will be missing if pubKeyCredParams was used to - // negotiate a public-key algorithm that the user agent doesn't - // understand. (See section “Easily accessing credential data” for a - // list of which algorithms user agents must support.) If using such an - // algorithm then the public key must be parsed from attestationObject - // directly. + // The publicKey field will be missing if pubKeyCredParams was used to + // negotiate a public-key algorithm that the user agent doesn't + // understand. (See section “Easily accessing credential data” for a + // list of which algorithms user agents must support.) If using such an + // algorithm then the public key must be parsed from attestationObject + // directly. Base64URLString publicKey; required long long publicKeyAlgorithm; // This value contains copies of some of the fields above. See From 5d62f33a9bf61c5e4fff6006a7cc36871fbd91cf Mon Sep 17 00:00:00 2001 From: Adam Langley Date: Wed, 17 May 2023 12:12:01 -0700 Subject: [PATCH 4/4] Update index.bs Co-authored-by: Emil Lundberg --- index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.bs b/index.bs index 30deb92c2..c1cdc7be9 100644 --- a/index.bs +++ b/index.bs 
@@ -1623,8 +1623,8 @@ that are returned to the caller when a new credential is created, or a new asser // negotiate a public-key algorithm that the user agent doesn't // understand. (See section “Easily accessing credential data” for a // list of which algorithms user agents must support.) If using such an - // algorithm then the public key must be parsed from attestationObject - // directly. + // algorithm then the public key must be parsed directly from + // attestationObject or authenticatorData. Base64URLString publicKey; required long long publicKeyAlgorithm; // This value contains copies of some of the fields above. See
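Review bot: in the first hunk (PATCH 1/4, `AuthenticatorAttestationResponseJSON`), the new `publicKey` field is a user-agent conversion of the COSE key carried inside `authenticatorData`, and it is not itself covered by the attestation signature, which is computed over the authenticator data inside `attestationObject`; the comment on `publicKey` should say so, so that relying parties performing attestation verification derive the key from `attestationObject` (or check that the SPKI value agrees with the COSE key) rather than trusting the convenience copy alone. Secondary: `required sequence transports;` as shown has no element type and is not valid WebIDL; if the angle brackets were lost in extraction this is fine, otherwise it should read `required sequence<DOMString> transports;` as elsewhere in the spec.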
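Review bot: in the second hunk (PATCH 2/4), moving `required long long publicKeyAlgorithm;` below `publicKey` leaves it without any comment, while the `publicKey` comment says that field "will be missing" for algorithms the user agent doesn't understand; state explicitly whether `publicKeyAlgorithm` is still populated (from the COSE `alg` in the credential) in that case, since it is `required`, so a relying party can branch on it before deciding to parse `attestationObject`. The re-added comment lines in this hunk also use different leading whitespace from their neighbours, which PATCH 3/4 then corrects.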
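Review bot: the third hunk (PATCH 3/4) is whitespace-only and exists to repair the indentation introduced by PATCH 2/4; squash it into that commit so the series carries one substantive change per commit and `git blame` on these comment lines points at the wording change rather than at a tab/space fix.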
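Review bot: in the fourth hunk (PATCH 4/4), the new wording "parsed directly from attestationObject or authenticatorData" is only correct because this is the attestation response, whose `authenticatorData` carries attested credential data including the COSE public key; the `authenticatorData` in `AuthenticationResponseJSON` (visible in the context of the first hunk) has no public key. Consider saying "the authenticatorData of this response" so readers do not generalise the fallback to assertion responses.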