Open Bug 1384776 Opened 2 years ago Updated 6 months ago
[meta] Update Web
Authn JS API to the L1-REC spec
There are some normative changes between WD-05 and WD-06 (renames, mostly), which we need to target for Firefox 57. Known things are: * RP ID changes from an origin type to a domain string type ** Code, landed already in a backwards-compatible way and tested in Bug 1329764. CollectedClientData’s “origin” field changes from the RP ID to the caller’s origin Code, will need to be added * RP ID scope must be https, and must match all TCP ports ** Already enforced by existing Gecko methods, but we should add tests, in Bug 1382893 * Most of the WebIDL uses [SameObject] now ** Tackled in Bug 1382888 * Renames: In PublicKeyCredentialParameters object, “algorithm” is renamed to “alg” In MakeCredentialOptions object, “excludeList” is renamed to “excludeCredentials” In CollectedClientData object, “hashAlg” is renamed to “hashAlgorithm” In CollectedClientData object, “tokenBinding” is renamed to “tokenBindingId” In PublicKeyCredentialRequestOptions object, “allowList” is renamed to “allowCredentials” In AuthenticatorSelectionCriteria object, “Attachment” is renamed to “AuthenticatorAttachment” In PublicKeyCredentialDescriptor object, “Transport” is renamed to “AuthenticatorTransport” There are likely to be a few more based on outstanding work before WD-06 closes out, but all remaining changes are renames.
Updating to WD-07, even though it's not published yet. We're not going to stop at WD-06, we'll go straight to -07 which hopefully will have the last normative changes before CR.
Summary: Update WebAuthn JS API to the WD-06 working draft → Update WebAuthn JS API to the WD-07 working draft
Are we planning to ship this in 57?
No. Updating to 'Future' as it's still undetermined what the schedule will be.
Target Milestone: mozilla57 → Future
Version: 55 Branch → Trunk
These are the changes I've identified that we need to undertake, based on a delta between WD-05 and the editor's draft of 28 September 2017. I'll be filing blockers against this bug for each. * RP ID changes from an origin type to a domain string type (Done in Bug 1381126) * SameObject (Done in Bug 1382888) * Ensure RP ID is scoped correctly (Bug 1382893) * WebIDL renames * Add extension types * Add token binding types * Add attachment types * Add authenticator selection types * Change to COSE Algorithm Identifier object types (wontfixes or repurposes Bug 1381190) * Create Credential * Check for authenticatorAttachment * Check for requireUserVerification * authenticatorSelection / requiresResidentKey * Make Assertion * Check for authenticatorAttachment * Check for requireUserVerification * Assert options.publicKey is present * Evaluate transports * Implement isPlatformAuthenticatorAvailable() method * Authenticator data: * Bit 2 must be explicitly addressed for U2F * Extension: FIDO AppId Extension - need to implement
Summary: Update WebAuthn JS API to the WD-07 working draft → [meta] Update WebAuthn JS API to the WD-07 working draft
Is there an existing bug tracking adding [SecureContext] to the Navigator bits?
(In reply to Boris Zbarsky [:bz] (no decent commit message means r-) from comment #5) > Is there an existing bug tracking adding [SecureContext] to the Navigator > bits? No; what Navigator bits are those? Credential and CredentialsContainer are already [SecureContext]  If there are other bits, feel free to open one and we'll take care of it. (Sorry for my ignorance!)  https://searchfox.org/mozilla-central/source/dom/webidl/CredentialManagement.webidl
> what Navigator bits are those? https://www.w3.org/TR/credential-management-1/#framework-credential-management > Credential and CredentialsContainer are already [SecureContext] Yes, but Navigator.credentials is not. > feel free to open one Bug 1430947.
11 months ago
Component: DOM: Device Interfaces → DOM: Web Authentication
Summary: [meta] Update WebAuthn JS API to the WD-07 working draft → [meta] Update WebAuthn JS API to the L1-REC spec
You need to log in before you can comment on or make changes to this bug.