1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
|
// GENERATED CONTENT - DO NOT EDIT
// Content was automatically extracted by Reffy into webref
// (https://github.com/w3c/webref)
// Source: Web Authentication: An API for accessing Public Key Credentials - Level 3 (https://w3c.github.io/webauthn/)
[SecureContext, Exposed=Window]
interface PublicKeyCredential : Credential {
[SameObject] readonly attribute ArrayBuffer rawId;
[SameObject] readonly attribute AuthenticatorResponse response;
readonly attribute DOMString? authenticatorAttachment;
AuthenticationExtensionsClientOutputs getClientExtensionResults();
static Promise<boolean> isConditionalMediationAvailable();
PublicKeyCredentialJSON toJSON();
};
typedef DOMString Base64URLString;
// The structure of this object will be either
// RegistrationResponseJSON or AuthenticationResponseJSON
typedef object PublicKeyCredentialJSON;
dictionary RegistrationResponseJSON {
required DOMString id;
required Base64URLString rawId;
required AuthenticatorAttestationResponseJSON response;
DOMString authenticatorAttachment;
required AuthenticationExtensionsClientOutputsJSON clientExtensionResults;
required DOMString type;
};
dictionary AuthenticatorAttestationResponseJSON {
required Base64URLString clientDataJSON;
required Base64URLString authenticatorData;
required sequence<DOMString> transports;
// The publicKey field will be missing if pubKeyCredParams was used to
// negotiate a public-key algorithm that the user agent doesn't
// understand. (See section “Easily accessing credential data” for a
// list of which algorithms user agents must support.) If using such an
// algorithm then the public key must be parsed directly from
// attestationObject or authenticatorData.
Base64URLString publicKey;
required COSEAlgorithmIdentifier publicKeyAlgorithm;
// This value contains copies of some of the fields above. See
// section “Easily accessing credential data”.
required Base64URLString attestationObject;
};
dictionary AuthenticationResponseJSON {
required DOMString id;
required Base64URLString rawId;
required AuthenticatorAssertionResponseJSON response;
DOMString authenticatorAttachment;
required AuthenticationExtensionsClientOutputsJSON clientExtensionResults;
required DOMString type;
};
dictionary AuthenticatorAssertionResponseJSON {
required Base64URLString clientDataJSON;
required Base64URLString authenticatorData;
required Base64URLString signature;
Base64URLString userHandle;
};
dictionary AuthenticationExtensionsClientOutputsJSON {
};
partial dictionary CredentialCreationOptions {
PublicKeyCredentialCreationOptions publicKey;
};
partial dictionary CredentialRequestOptions {
PublicKeyCredentialRequestOptions publicKey;
};
partial interface PublicKeyCredential {
static Promise<boolean> isUserVerifyingPlatformAuthenticatorAvailable();
};
partial interface PublicKeyCredential {
static Promise<PublicKeyCredentialClientCapabilities> getClientCapabilities();
};
typedef record<DOMString, boolean> PublicKeyCredentialClientCapabilities;
partial interface PublicKeyCredential {
static PublicKeyCredentialCreationOptions parseCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON options);
};
dictionary PublicKeyCredentialCreationOptionsJSON {
required PublicKeyCredentialRpEntity rp;
required PublicKeyCredentialUserEntityJSON user;
required Base64URLString challenge;
required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
unsigned long timeout;
sequence<PublicKeyCredentialDescriptorJSON> excludeCredentials = [];
AuthenticatorSelectionCriteria authenticatorSelection;
sequence<DOMString> hints = [];
DOMString attestation = "none";
sequence<DOMString> attestationFormats = [];
AuthenticationExtensionsClientInputsJSON extensions;
};
dictionary PublicKeyCredentialUserEntityJSON {
required Base64URLString id;
required DOMString name;
required DOMString displayName;
};
dictionary PublicKeyCredentialDescriptorJSON {
required DOMString type;
required Base64URLString id;
sequence<DOMString> transports;
};
dictionary AuthenticationExtensionsClientInputsJSON {
};
partial interface PublicKeyCredential {
static PublicKeyCredentialRequestOptions parseRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON options);
};
dictionary PublicKeyCredentialRequestOptionsJSON {
required Base64URLString challenge;
unsigned long timeout;
DOMString rpId;
sequence<PublicKeyCredentialDescriptorJSON> allowCredentials = [];
DOMString userVerification = "preferred";
sequence<DOMString> hints = [];
AuthenticationExtensionsClientInputsJSON extensions;
};
partial interface PublicKeyCredential {
static Promise<undefined> signalUnknownCredential(UnknownCredentialOptions options);
static Promise<undefined> signalAllAcceptedCredentials(AllAcceptedCredentialsOptions options);
static Promise<undefined> signalCurrentUserDetails(CurrentUserDetailsOptions options);
};
dictionary UnknownCredentialOptions {
required DOMString rpId;
required Base64URLString credentialId;
};
dictionary AllAcceptedCredentialsOptions {
required DOMString rpId;
required Base64URLString userId;
required sequence<Base64URLString> allAcceptedCredentialIds;
};
dictionary CurrentUserDetailsOptions {
required DOMString rpId;
required Base64URLString userId;
required DOMString name;
required DOMString displayName;
};
[SecureContext, Exposed=Window]
interface AuthenticatorResponse {
[SameObject] readonly attribute ArrayBuffer clientDataJSON;
};
[SecureContext, Exposed=Window]
interface AuthenticatorAttestationResponse : AuthenticatorResponse {
[SameObject] readonly attribute ArrayBuffer attestationObject;
sequence<DOMString> getTransports();
ArrayBuffer getAuthenticatorData();
ArrayBuffer? getPublicKey();
COSEAlgorithmIdentifier getPublicKeyAlgorithm();
};
[SecureContext, Exposed=Window]
interface AuthenticatorAssertionResponse : AuthenticatorResponse {
[SameObject] readonly attribute ArrayBuffer authenticatorData;
[SameObject] readonly attribute ArrayBuffer signature;
[SameObject] readonly attribute ArrayBuffer? userHandle;
};
dictionary PublicKeyCredentialParameters {
required DOMString type;
required COSEAlgorithmIdentifier alg;
};
dictionary PublicKeyCredentialCreationOptions {
required PublicKeyCredentialRpEntity rp;
required PublicKeyCredentialUserEntity user;
required BufferSource challenge;
required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
unsigned long timeout;
sequence<PublicKeyCredentialDescriptor> excludeCredentials = [];
AuthenticatorSelectionCriteria authenticatorSelection;
sequence<DOMString> hints = [];
DOMString attestation = "none";
sequence<DOMString> attestationFormats = [];
AuthenticationExtensionsClientInputs extensions;
};
dictionary PublicKeyCredentialEntity {
required DOMString name;
};
dictionary PublicKeyCredentialRpEntity : PublicKeyCredentialEntity {
DOMString id;
};
dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
required BufferSource id;
required DOMString displayName;
};
dictionary AuthenticatorSelectionCriteria {
DOMString authenticatorAttachment;
DOMString residentKey;
boolean requireResidentKey = false;
DOMString userVerification = "preferred";
};
enum AuthenticatorAttachment {
"platform",
"cross-platform"
};
enum ResidentKeyRequirement {
"discouraged",
"preferred",
"required"
};
enum AttestationConveyancePreference {
"none",
"indirect",
"direct",
"enterprise"
};
dictionary PublicKeyCredentialRequestOptions {
required BufferSource challenge;
unsigned long timeout;
DOMString rpId;
sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
DOMString userVerification = "preferred";
sequence<DOMString> hints = [];
AuthenticationExtensionsClientInputs extensions;
};
dictionary AuthenticationExtensionsClientInputs {
};
dictionary AuthenticationExtensionsClientOutputs {
};
dictionary CollectedClientData {
required DOMString type;
required DOMString challenge;
required DOMString origin;
boolean crossOrigin;
DOMString topOrigin;
};
dictionary TokenBinding {
required DOMString status;
DOMString id;
};
enum TokenBindingStatus { "present", "supported" };
enum PublicKeyCredentialType {
"public-key"
};
dictionary PublicKeyCredentialDescriptor {
required DOMString type;
required BufferSource id;
sequence<DOMString> transports;
};
enum AuthenticatorTransport {
"usb",
"nfc",
"ble",
"smart-card",
"hybrid",
"internal"
};
typedef long COSEAlgorithmIdentifier;
enum UserVerificationRequirement {
"required",
"preferred",
"discouraged"
};
enum ClientCapability {
"conditionalCreate",
"conditionalGet",
"hybridTransport",
"passkeyPlatformAuthenticator",
"userVerifyingPlatformAuthenticator",
"relatedOrigins",
"signalAllAcceptedCredentials",
"signalCurrentUserDetails",
"signalUnknownCredential"
};
enum PublicKeyCredentialHint {
"security-key",
"client-device",
"hybrid",
};
partial dictionary AuthenticationExtensionsClientInputs {
DOMString appid;
};
partial dictionary AuthenticationExtensionsClientInputsJSON {
DOMString appid;
};
partial dictionary AuthenticationExtensionsClientOutputs {
boolean appid;
};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
boolean appid;
};
partial dictionary AuthenticationExtensionsClientInputs {
DOMString appidExclude;
};
partial dictionary AuthenticationExtensionsClientInputsJSON {
DOMString appidExclude;
};
partial dictionary AuthenticationExtensionsClientOutputs {
boolean appidExclude;
};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
boolean appidExclude;
};
partial dictionary AuthenticationExtensionsClientInputs {
boolean credProps;
};
partial dictionary AuthenticationExtensionsClientInputsJSON {
boolean credProps;
};
dictionary CredentialPropertiesOutput {
boolean rk;
};
partial dictionary AuthenticationExtensionsClientOutputs {
CredentialPropertiesOutput credProps;
};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
CredentialPropertiesOutput credProps;
};
dictionary AuthenticationExtensionsPRFValues {
required BufferSource first;
BufferSource second;
};
dictionary AuthenticationExtensionsPRFValuesJSON {
required Base64URLString first;
Base64URLString second;
};
dictionary AuthenticationExtensionsPRFInputs {
AuthenticationExtensionsPRFValues eval;
record<DOMString, AuthenticationExtensionsPRFValues> evalByCredential;
};
dictionary AuthenticationExtensionsPRFInputsJSON {
AuthenticationExtensionsPRFValuesJSON eval;
record<DOMString, AuthenticationExtensionsPRFValuesJSON> evalByCredential;
};
partial dictionary AuthenticationExtensionsClientInputs {
AuthenticationExtensionsPRFInputs prf;
};
partial dictionary AuthenticationExtensionsClientInputsJSON {
AuthenticationExtensionsPRFInputsJSON prf;
};
dictionary AuthenticationExtensionsPRFOutputs {
boolean enabled;
AuthenticationExtensionsPRFValues results;
};
dictionary AuthenticationExtensionsPRFOutputsJSON {
boolean enabled;
AuthenticationExtensionsPRFValuesJSON results;
};
partial dictionary AuthenticationExtensionsClientOutputs {
AuthenticationExtensionsPRFOutputs prf;
};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
AuthenticationExtensionsPRFOutputsJSON prf;
};
partial dictionary AuthenticationExtensionsClientInputs {
AuthenticationExtensionsLargeBlobInputs largeBlob;
};
partial dictionary AuthenticationExtensionsClientInputsJSON {
AuthenticationExtensionsLargeBlobInputsJSON largeBlob;
};
enum LargeBlobSupport {
"required",
"preferred",
};
dictionary AuthenticationExtensionsLargeBlobInputs {
DOMString support;
boolean read;
BufferSource write;
};
dictionary AuthenticationExtensionsLargeBlobInputsJSON {
DOMString support;
boolean read;
Base64URLString write;
};
partial dictionary AuthenticationExtensionsClientOutputs {
AuthenticationExtensionsLargeBlobOutputs largeBlob;
};
partial dictionary AuthenticationExtensionsClientOutputsJSON {
AuthenticationExtensionsLargeBlobOutputsJSON largeBlob;
};
dictionary AuthenticationExtensionsLargeBlobOutputs {
boolean supported;
ArrayBuffer blob;
boolean written;
};
dictionary AuthenticationExtensionsLargeBlobOutputsJSON {
boolean supported;
Base64URLString blob;
boolean written;
};
|
