/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at
http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
typedef long COSEAlgorithmIdentifier;
[uuid(2fc8febe-a277-11ed-bda2-8f6495a5e75c)]
interface nsIWebAuthnRegisterArgs : nsISupports {
// TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
readonly attribute AString origin;
readonly attribute Array<octet> challenge;
readonly attribute ACString clientDataJSON;
readonly attribute Array<octet> clientDataHash;
// A PublicKeyCredentialRpEntity
readonly attribute AString rpId;
[must_use] readonly attribute AString rpName;
// A PublicKeyCredentialUserEntity
[must_use] readonly attribute Array<octet> userId;
[must_use] readonly attribute AString userName;
[must_use] readonly attribute AString userDisplayName;
// The spec defines this as a sequence<PublicKeyCredentialParameters>.
// We require type = "public-key" and only serialize the alg fields.
[must_use] readonly attribute Array<COSEAlgorithmIdentifier> coseAlgs;
// The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
// we use separate arrays for the credential IDs and transports.
readonly attribute Array<Array<octet> > excludeList;
readonly attribute Array<octet> excludeListTransports;
// CTAP2 passes extensions in a CBOR map of extension identifier ->
// WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
// So we define a getter for each supported extension input and use the
// return code to signal presence.
[must_use] readonly attribute boolean credProps;
[must_use] readonly attribute boolean hmacCreateSecret;
[must_use] readonly attribute boolean minPinLength;
[must_use] readonly attribute boolean prf;
[must_use] readonly attribute Array<octet> prfEvalFirst;
[must_use] readonly attribute Array<octet> prfEvalSecond;
// Options.
readonly attribute AString residentKey;
readonly attribute AString userVerification;
[must_use] readonly attribute AString authenticatorAttachment;
// This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
// Arguably we don't need to pass it through since WebAuthnController can
// cancel transactions.
readonly attribute uint32_t timeoutMS;
// This is the WebAuthn PublicKeyCredentialCreationOptions attestation.
// We might overwrite the provided value with "none" if the user declines the
// consent popup.
[must_use] readonly attribute AString attestationConveyancePreference;
};
[uuid(2e621cf4-a277-11ed-ae00-bf41a54ef553)]
interface nsIWebAuthnSignArgs : nsISupports {
// TODO(Bug 1820035) The origin is only used for prompt callbacks. Refactor and remove.
readonly attribute AString origin;
// The spec only asks for the ID field of a PublicKeyCredentialRpEntity here
readonly attribute AString rpId;
readonly attribute Array<octet> challenge;
readonly attribute ACString clientDataJSON;
readonly attribute Array<octet> clientDataHash;
// The spec defines this as a sequence<PublicKeyCredentialDescriptor>,
// we use separate arrays for the credential IDs and transports.
readonly attribute Array<Array<octet> > allowList;
readonly attribute Array<octet> allowListTransports;
// CTAP2 passes extensions in a CBOR map of extension identifier ->
// WebAuthn AuthenticationExtensionsClientInputs. That's not feasible here.
// So we define a getter for each supported extension input and use the
// return code to signal presence.
[must_use] readonly attribute boolean hmacCreateSecret;
[must_use] readonly attribute AString appId;
[must_use] readonly attribute boolean prf;
[must_use] readonly attribute Array<octet> prfEvalFirst;
[must_use] readonly attribute Array<octet> prfEvalSecond;
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialCredentialId;
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalFirst;
[must_use] readonly attribute Array<boolean> prfEvalByCredentialEvalSecondMaybe;
[must_use] readonly attribute Array<Array<octet> > prfEvalByCredentialEvalSecond;
// Options
[must_use] readonly attribute AString userVerification;
// This is the WebAuthn PublicKeyCredentialCreationOptions timeout.
// Arguably we don't need to pass it through since WebAuthnController can
// cancel transactions.
readonly attribute unsigned long timeoutMS;
readonly attribute boolean conditionallyMediated;
};
