Closed
Bug 1385008
Opened 7 years ago
Closed 7 years ago
WebAuthn: CollectedClientData.Origin must be the RP ID
Categories
(Core :: DOM: Device Interfaces, enhancement, P1)
Tracking
()
RESOLVED
FIXED
mozilla56
Tracking | Status | |
---|---|---|
firefox56 | --- | fixed |
People
(Reporter: jcj, Assigned: jcj)
References
Details
(Whiteboard: [webauthn] [webauthn-interop])
Attachments
(1 file)
WD-05 specifies the CollectedClientData Origin field be set to the RP ID, rather than the document's origin. We need to match it, and revert back to using the calling page's origin in Bug 1384776.
Assignee | ||
Comment 1•7 years ago
|
||
Note there is some ambiguity in the specification, as [1] says CollectedClientData.Origin is the document's origin, while the algorithms [2] and [3] set it to RP ID. I'm going to stick with the algorithm's definition and produce a patch; it's simple to revert when we move to WD-06. This also isn't a critical compatibility thing, as the data structure is transmitted on the wire, so it should be obvious during interop testing which way people chose. [1] https://www.w3.org/TR/webauthn/#dom-collectedclientdata-origin [2] https://www.w3.org/TR/webauthn/#createCredential [3] https://www.w3.org/TR/webauthn/#getAssertion
Comment hidden (mozreview-request) |
Comment 3•7 years ago
|
||
mozreview-review |
Comment on attachment 8890974 [details] Bug 1385008: WebAuthn CollectedClientData.Origin must be RP ID https://reviewboard.mozilla.org/r/162150/#review167444 Ok - sounds good. ::: commit-message-388d8:6 (Diff revision 1) > +Bug 1385008: WebAuthn CollectedClientData.Origin must be RP ID r?keeler > + > +The WebAuthn WD-05 version of the specification defines the Origin field [1] > +of the CollectedClientData as being set to the RP ID [2][3]. > + > +Note there is some ambiguity in the specification, as [1] says I'm assuming the ambiguity is resolved and/or moot in WD-06?
Attachment #8890974 -
Flags: review?(dkeeler) → review+
Assignee | ||
Comment 4•7 years ago
|
||
mozreview-review-reply |
Comment on attachment 8890974 [details] Bug 1385008: WebAuthn CollectedClientData.Origin must be RP ID https://reviewboard.mozilla.org/r/162150/#review167444 Thanks a bunch! > I'm assuming the ambiguity is resolved and/or moot in WD-06? Yep, it's the state of the tree today, so we'll just revert this patch.
Assignee | ||
Updated•7 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/autoland/rev/8791f4a87a60 WebAuthn CollectedClientData.Origin must be RP ID r=keeler
Keywords: checkin-needed
Comment 6•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/8791f4a87a60
You need to log in
before you can comment on or make changes to this bug.
Description
•