1/* -*- Mode: IDL; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2/* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/.
5 *
6 * The origin of this IDL file is
7 * https://w3c.github.io/webauthn/
8 */
9
10/***** Interfaces to Data *****/
11
// Credential object handed back to script by a WebAuthn operation.
// Exposed only in secure contexts and only while the
// "security.webauth.webauthn" pref is enabled.
//
// Every field here originates on the client side; a relying party is
// expected to verify the contents of `response` server-side before
// treating the credential as proof of anything.
[SecureContext,
 Pref="security.webauth.webauthn"]
interface PublicKeyCredential : Credential {
  // Credential identifier as raw bytes.
  [SameObject]
  readonly attribute ArrayBuffer rawId;

  // Authenticator output; declared with the base type
  // AuthenticatorResponse, which the attestation and assertion response
  // interfaces in this file both derive from.
  [SameObject]
  readonly attribute AuthenticatorResponse response;

  // Results of client extension processing (see
  // AuthenticationExtensionsClientOutputs).
  AuthenticationExtensionsClientOutputs getClientExtensionResults();
};
18
// Static capability probe added to PublicKeyCredential.
//
// NOTE(review): unlike the primary interface declaration, this partial
// carries only [SecureContext] and no Pref annotation. Presumably the
// static is reachable only where the pref-gated interface object itself
// is exposed -- confirm against the bindings generator.
[SecureContext]
partial interface PublicKeyCredential {
  // Resolves to a boolean. Per the WebAuthn spec this reports whether a
  // user-verifying platform authenticator is available; the answer is a
  // capability hint, not an authentication result.
  static Promise<boolean>
  isUserVerifyingPlatformAuthenticatorAvailable();
};
23
// Base interface for authenticator responses. Secure-context only and
// gated on the "security.webauth.webauthn" pref.
[SecureContext,
 Pref="security.webauth.webauthn"]
interface AuthenticatorResponse {
  // Client data as serialized bytes. Presumably the JSON form of the
  // CollectedClientData dictionary declared in this file; a relying
  // party should parse it and compare type, challenge and origin with
  // the values it expects before trusting the response.
  [SameObject]
  readonly attribute ArrayBuffer clientDataJSON;
};
28
// Response type for credential creation (registration). Secure-context
// only and gated on the "security.webauth.webauthn" pref.
[SecureContext,
 Pref="security.webauth.webauthn"]
interface AuthenticatorAttestationResponse : AuthenticatorResponse {
  // Opaque attestation object bytes. Per the WebAuthn spec this holds
  // the authenticator data and an attestation statement; with the
  // creation option attestation = "none" (the default declared in
  // PublicKeyCredentialCreationOptions) a relying party should not
  // expect a verifiable attestation chain.
  [SameObject]
  readonly attribute ArrayBuffer attestationObject;
};
33
// Response type for an assertion (authentication). Secure-context only
// and gated on the "security.webauth.webauthn" pref.
[SecureContext,
 Pref="security.webauth.webauthn"]
interface AuthenticatorAssertionResponse : AuthenticatorResponse {
  // Authenticator data bytes. Per the WebAuthn spec these carry the RP ID
  // hash, flags (user present / user verified) and the signature counter,
  // all of which the relying party is expected to check.
  [SameObject]
  readonly attribute ArrayBuffer authenticatorData;

  // Assertion signature bytes, to be verified against the public key the
  // relying party stored at registration.
  [SameObject]
  readonly attribute ArrayBuffer signature;

  // Nullable: script must handle the case where no user handle is
  // returned.
  [SameObject]
  readonly attribute ArrayBuffer? userHandle;
};
40
// One acceptable (credential type, signature algorithm) pair for a new
// credential. Both members are required. The relying party chooses which
// algorithms it is willing to accept by what it lists here.
dictionary PublicKeyCredentialParameters {
  required PublicKeyCredentialType type;
  required COSEAlgorithmIdentifier alg;
};
45
// Options for creating a credential (registration).
dictionary PublicKeyCredentialCreationOptions {
  // Relying party and user account the credential is bound to.
  required PublicKeyCredentialRpEntity rp;
  required PublicKeyCredentialUserEntity user;

  // Required challenge bytes. To prevent replay, the relying party should
  // generate these server-side from a cryptographically strong random
  // source, use a fresh value per ceremony, and compare the value echoed
  // in the client data against the one it issued.
  required BufferSource challenge;

  // Required list of acceptable credential type / algorithm pairs.
  required sequence<PublicKeyCredentialParameters> pubKeyCredParams;

  // Optional; no default declared. Per the WebAuthn spec this is a hint,
  // in milliseconds.
  unsigned long timeout;

  // Defaults to an empty list. Per the WebAuthn spec, listing credentials
  // here keeps an authenticator that already holds one of them from
  // registering again for the same account.
  sequence<PublicKeyCredentialDescriptor> excludeCredentials = [];

  // Optional authenticator requirements.
  AuthenticatorSelectionCriteria authenticatorSelection;

  // Defaults to "none": unless the caller opts in, the relying party
  // should not rely on receiving attestation it can verify.
  AttestationConveyancePreference attestation = "none";

  // Optional client extension inputs.
  AuthenticationExtensionsClientInputs extensions;
};
59
// Common base for the relying-party and user entity dictionaries.
dictionary PublicKeyCredentialEntity {
  // Required name. Presumably intended for display, so consumers should
  // treat it as untrusted text -- confirm how callers render it.
  required DOMString name;

  // Optional. NOTE(review): presumably an icon URL per the WebAuthn spec;
  // nothing in this declaration restricts the scheme -- confirm where
  // that is validated.
  USVString icon;
};
64
// Relying party entity: the inherited name/icon plus an optional id.
dictionary PublicKeyCredentialRpEntity : PublicKeyCredentialEntity {
  // Optional RP ID. Per the WebAuthn spec, when omitted the caller's
  // effective domain is used, and a supplied value must be a registrable
  // domain suffix of (or equal to) that domain. The RP ID sets the scope
  // in which the credential can later be used.
  DOMString id;
};
68
// User account entity: the inherited name/icon plus a required id and
// display name.
dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
  // Required user handle bytes. The WebAuthn spec advises against putting
  // personally identifying information (e-mail address, username) here,
  // since authenticators may store the handle.
  required BufferSource id;

  // Required human-readable name for the account.
  required DOMString displayName;
};
73
// Requirements a relying party can place on the authenticator used for
// registration.
dictionary AuthenticatorSelectionCriteria {
  // Optional; no default declared.
  AuthenticatorAttachment authenticatorAttachment;

  // Defaults to false.
  boolean requireResidentKey = false;

  // Defaults to "preferred". Under "preferred" an operation may complete
  // without user verification, so a relying party that depends on it
  // should ask for "required" and still check the user-verified flag in
  // the returned authenticator data.
  UserVerificationRequirement userVerification = "preferred";
};
79
// How the authenticator is attached to the client device.
enum AuthenticatorAttachment {
  // Platform attachment.
  "platform",
  // Cross-platform attachment.
  "cross-platform"
};
84
// Relying party's preference for how attestation is conveyed. The
// meanings below follow the WebAuthn spec; the choice is
// privacy-relevant, because attestation can reveal the authenticator's
// make and model.
enum AttestationConveyancePreference {
  // No attestation wanted.
  "none",
  // Attestation wanted, but the client may substitute an anonymized form.
  "indirect",
  // Attestation wanted as produced by the authenticator.
  "direct"
};
90
// Relying party's requirement for user verification (PIN, biometric or
// similar). The meanings below follow the WebAuthn spec.
enum UserVerificationRequirement {
  // The operation must fail if the user cannot be verified.
  "required",
  // Verification is requested but its absence does not fail the
  // operation; the relying party has to inspect the result itself.
  "preferred",
  // Verification should be avoided where possible.
  "discouraged"
};
96
// Options for requesting an assertion (authentication).
dictionary PublicKeyCredentialRequestOptions {
  // Required challenge bytes. As with registration, this should be a
  // fresh, server-generated random value that the relying party checks
  // against the challenge echoed in the client data, so that a captured
  // assertion cannot be replayed.
  required BufferSource challenge;

  // Optional; no default declared. Per the WebAuthn spec this is a hint,
  // in milliseconds.
  unsigned long timeout;

  // Optional RP ID. Per the WebAuthn spec, the caller's effective domain
  // is used when this is omitted.
  USVString rpId;

  // Defaults to an empty list, i.e. no restriction on which credential
  // may be used. The relying party must then identify the account from
  // the returned credential rather than from what it asked for.
  sequence<PublicKeyCredentialDescriptor> allowCredentials = [];

  // Defaults to "preferred": an assertion may come back without user
  // verification. A relying party that treats the assertion as
  // multi-factor should request "required" and check the user-verified
  // flag in the authenticator data.
  UserVerificationRequirement userVerification = "preferred";

  // Optional client extension inputs.
  AuthenticationExtensionsClientInputs extensions;
};
105
// Client extension inputs supplied by the relying party.
// TODO - Use partial dictionaries when bug 1436329 is fixed.
dictionary AuthenticationExtensionsClientInputs {
  // FIDO AppID Extension (appid)
  // <https://w3c.github.io/webauthn/#sctn-appid-extension>
  //
  // Per the linked section, this lets a relying party that registered
  // credentials through the older FIDO U2F API request assertions for
  // them by supplying its legacy AppID. Whether the supplied AppID is
  // acceptable for the calling origin is not expressed in this
  // declaration -- that check belongs to the implementation.
  USVString appid;
};
112
// Client extension outputs returned to the relying party.
// TODO - Use partial dictionaries when bug 1436329 is fixed.
dictionary AuthenticationExtensionsClientOutputs {
  // FIDO AppID Extension (appid)
  // <https://w3c.github.io/webauthn/#sctn-appid-extension>
  //
  // Per the linked section, true indicates that the AppID was used for
  // the assertion. The relying party then has to verify the RP ID hash in
  // the authenticator data against the hash of the AppID, not of the RP
  // ID.
  boolean appid;
};
119
// Authenticator extension inputs: a string-to-string record. Referenced
// in this file by CollectedClientData.authenticatorExtensions.
typedef record<DOMString, DOMString>
        AuthenticationExtensionsAuthenticatorInputs;
121
// Client-side context collected for a WebAuthn operation. Presumably this
// is what gets serialized into AuthenticatorResponse.clientDataJSON --
// confirm against the implementation.
//
// These are the fields a relying party inspects to bind a response to
// its own request: it should reject a response whose type, challenge or
// origin is not exactly the value it expects.
dictionary CollectedClientData {
  // Required: operation type.
  required DOMString type;

  // Required: the challenge as a string. NOTE(review): the encoding is
  // not stated in this declaration; the WebAuthn spec uses base64url.
  required DOMString challenge;

  // Required: origin of the caller, as seen by the client.
  required DOMString origin;

  // Required: hash algorithm name. Presumably the algorithm the client
  // used to hash the serialized client data -- confirm.
  required DOMString hashAlgorithm;

  // Optional Token Binding identifier.
  DOMString tokenBindingId;

  // Optional extension data passed to the client and to the
  // authenticator.
  AuthenticationExtensionsClientInputs clientExtensions;
  AuthenticationExtensionsAuthenticatorInputs authenticatorExtensions;
};
131
// Credential types. "public-key" is the only value declared.
enum PublicKeyCredentialType {
  "public-key"
};
135
// Identifies one credential, as used in the excludeCredentials and
// allowCredentials lists declared in this file.
dictionary PublicKeyCredentialDescriptor {
  // Required credential type.
  required PublicKeyCredentialType type;

  // Required credential identifier bytes.
  required BufferSource id;

  // Optional. Per the WebAuthn spec these are hints about how the
  // authenticator might be reached, not a security restriction.
  sequence<AuthenticatorTransport> transports;
};
141
// Transports over which an authenticator may be reachable.
enum AuthenticatorTransport {
  // USB
  "usb",
  // Near Field Communication
  "nfc",
  // Bluetooth Low Energy
  "ble"
};
147
// Signature algorithm identifier, declared as a plain long. Per the
// WebAuthn spec the values come from the IANA COSE Algorithms registry
// (for example -7 for ES256). Nothing in this typedef limits which
// numbers are accepted, so the relying party should check the algorithm
// of a registered key against its own allow-list.
typedef long COSEAlgorithmIdentifier;

// List of authenticator AAGUIDs. NOTE(review): not referenced elsewhere
// in this file; presumably kept for the spec's authenticator selection
// extension -- confirm it is still needed.
typedef sequence<AAGUID> AuthenticatorSelectionList;

// Authenticator Attestation GUID, carried as raw bytes.
typedef BufferSource AAGUID;
153
154/*
155// FIDO AppID Extension (appid)
156// <https://w3c.github.io/webauthn/#sctn-appid-extension>
157partial dictionary AuthenticationExtensionsClientInputs {
158    USVString appid;
159};
160
161// FIDO AppID Extension (appid)
162// <https://w3c.github.io/webauthn/#sctn-appid-extension>
163partial dictionary AuthenticationExtensionsClientOutputs {
164  boolean appid;
165};
166*/
167