File: in_session_auth.mojom

chromium 138.0.7204.183-1
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This module serves as an interface for requesting, validating,
// and invalidating authentication tokens for various sensitive OS
// settings operations, such as modifying lock screen settings.
// This module is also used from lacros to authenticate users
// in password manager scenarios.
// The acquired token is perishable, and can be reused for as long
// as it is valid. Tokens are managed by ash's `AuthSessionStorage`.

module chromeos.auth.mojom;

import "mojo/public/mojom/base/time.mojom";

// Result of a successful InSessionAuth.RequestToken call: the issued token
// together with the length of time it stays valid.
[Stable, RenamedFrom="crosapi.mojom.RequestTokenReply"]
struct RequestTokenReply {
  // The authentication token that is returned, to use for sensitive
  // operations.
  // NOTE(review): apart from `reason`, this string is the only input
  // CheckToken takes, so it presumably has to be handled as a secret (kept
  // out of logs and persistent storage) -- confirm against the implementation.
  string token@0;

  // The length of time for which the token is valid.
  // This is a duration, not an absolute expiry time.
  // NOTE(review): the starting point of the interval is not stated here;
  // callers that cache the token should re-validate with CheckToken instead of
  // relying on a local timer alone -- confirm the intended usage.
  mojo_base.mojom.TimeDelta timeout@1;
};

// The sensitive operation a token is requested or checked for. Passed as the
// `reason` argument of both RequestToken and CheckToken.
//
// The enum is [Stable], so existing numeric values must not change; new
// reasons are appended. Because it is [Extensible], a value this side does
// not know is deserialized as the [Default] enumerator.
// NOTE(review): the [Default] here is kAccessPasswordManager, a real access
// scope rather than a neutral "unknown" value, so an unrecognized reason sent
// by a newer peer would be treated as a password-manager request. Confirm that
// the implementation is safe under that mapping.
[Stable, Extensible, RenamedFrom="crosapi.mojom.Reason"]
enum Reason {
  // Access to the password manager (see the file header comment).
  [Default] kAccessPasswordManager = 0,
  // Access to authentication settings; the value is implicit (previous + 1).
  kAccessAuthenticationSettings,
  // Access to multidevice settings; the value is implicit (previous + 1).
  kAccessMultideviceSettings,
};

// An interface implemented by Ash to expose Ash's authentication capabilities.
// The interface is [Stable]: method ordinals (@0..@3) and MinVersion
// annotations are part of the versioned contract with callers.
[Stable, Uuid="7d4bb0d8-f1fa-46bf-a7a6-b7117526ea63",
  RenamedFrom="crosapi.mojom.InSessionAuth"]
interface InSessionAuth {
  // Instructs Ash to summon a native authentication dialog to authenticate
  // the currently active user. Returns a perishable authentication token on
  // success. RequestTokenReply is null if authentication was aborted.
  // `reason` names the operation the token is wanted for. `prompt` is
  // optional and was added in version 1.
  // NOTE(review): `prompt` is presumably text shown in the dialog. If so, it
  // is caller-supplied content inside a trusted authentication surface and
  // the implementation should constrain it -- confirm.
  [MinVersion=1]
  RequestToken@0(Reason reason, [MinVersion=1] string? prompt)
    => (RequestTokenReply? reply);

  // Check the validity of the token for sensitive operations.
  // Returns `valid` = true or false; no further detail is reported.
  // NOTE(review): whether a token is accepted only for the `reason` it was
  // requested with is not visible in this file -- confirm that the
  // implementation binds tokens to their reason.
  CheckToken@1(Reason reason, string token) => (bool valid);

  // Release the token when no longer needed, rendering it invalid.
  // The method has no reply, so the caller gets no confirmation that the
  // token was actually invalidated.
  InvalidateToken@2(string token);

  // Instructs Ash to summon the legacy WebAuthn dialog to authenticate
  // the currently active user. Returns whether the authentication
  // was successful. `rp_id` is the identifier of the WebAuthn relying party,
  // which is usually (but not necessarily) a part of the URL. `window_id` is
  // the window identifier that sent the WebAuthn request. The identifier is
  // given by the window manager, so we can't make extra assumptions about it
  // (like whether it's an integer or URL etc.) other than that it is a string.
  // Unlike RequestToken, this returns only a success flag and no token.
  // NOTE(review): both strings arrive from the calling process; the
  // implementation presumably has to validate them before use -- confirm.
  [MinVersion=2]
  RequestLegacyWebAuthn@3(string rp_id, string window_id) => (bool success);
};