Changeset 253366 in webkit


Timestamp:
Dec 11, 2019 3:07:45 AM (4 years ago)
Author:
jiewen_tan@apple.com
Message:

[WebAuthn] Implement dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support
https://bugs.webkit.org/show_bug.cgi?id=205100
<rdar://problem/57822953>

Reviewed by Brent Fulgham.

This patch implements dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support.
CTAP PIN is a way for authenticators to be able to do user verification by asking
clients/users for a pre-set PIN. Here is the spec:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorClientPIN
In order to support this, WebKit needs to interact with UIClients to ask users
to enter the PINs. Therefore, a new set of SPI is needed.

Here is the proposed SPI for WebKit to ask Safari for the PIN:
@protocol _WKWebAuthenticationPanelDelegate <NSObject>
@optional
...
- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
...
@end

Retries is the number of retries before the authenticator gets blocked, which
is a state that only a factory reset can save the authenticator from. UIClients can have
a threshold and WARN users loudly when the threshold is reached.
A byte array that is less than or equal to 63 bytes is expected to be returned to the
passed completion handler. Otherwise, the completion handler will bail out.

For error handling:
typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelUpdate) {
    ...
    _WKWebAuthenticationPanelUpdatePINBlocked,
    _WKWebAuthenticationPanelUpdatePINAuthBlocked,
    _WKWebAuthenticationPanelUpdatePINInvalid,
} WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));

The above three errors will be passed to UIClients via updateWebAuthenticationPanel SPI.
_WKWebAuthenticationPanelUpdatePINBlocked means the authenticator is dead. A factory
reset is needed.
_WKWebAuthenticationPanelUpdatePINAuthBlocked means 3 consecutive mismatches. The
authenticator will need to be reconnected.
_WKWebAuthenticationPanelUpdatePINInvalid means a wrong PIN is provided. This will
often be followed with another requestPINWithRetries delegate call.
Here is the spec for the error:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential.

  • UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r253360 r253366  
     12019-12-11  Jiewen Tan  <jiewen_tan@apple.com>
     2
     3        [WebAuthn] Implement dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support
     4        https://bugs.webkit.org/show_bug.cgi?id=205100
     5        <rdar://problem/57822953>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        This patch implements dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support.
     10        CTAP PIN is a way for authenticators to be able to do user verification by asking
     11        clients/users for a pre-set PIN. Here is the spec:
     12        https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorClientPIN
     13        In order to support this, WebKit needs to interacts with UIClients to ask users
     14        to enter the PINs. Therefore, a new set of SPI is needed.
     15
     16        Here is the proposed SPI for WebKit to ask Safari for the PIN:
     17        @protocol _WKWebAuthenticationPanelDelegate <NSObject>
     18        @optional
     19        ...
     20        - (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
     21        ...
     22        @end
     23
     24        Retries is the number of retires before the authenticator getting blocked, which
     25        is a state that only factory reset can save the authenticator. UIClients can have
     26        a threshold and WARN users loudly when the threshold is reached.
     27        A byte array that is less than or equal to 63 bytes is expected to return to the
     28        passed completion handler. Otherwise, the completion handler will bail out.
     29
     30        For error handling:
     31        typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelUpdate) {
     32            ...
     33            _WKWebAuthenticationPanelUpdatePINBlocked,
     34            _WKWebAuthenticationPanelUpdatePINAuthBlocked,
     35            _WKWebAuthenticationPanelUpdatePINInvalid,
     36        } WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
     37
     38        The above three error will be passed to UIClients via updateWebAuthenticationPanel SPI.
     39        _WKWebAuthenticationPanelUpdatePINBlocked means the authenticator is dead. A factory
     40        reset is needed.
     41        _WKWebAuthenticationPanelUpdatePINAuthBlocked means 3 consecutive mismatches. The
     42        authenticator will need to be reconnected.
     43        _WKWebAuthenticationPanelUpdatePINInvalid means a wrong PIN is provided. This will
     44        often be followed with another requestPINWithRetries delegate call.
     45        Here is the spec for the error:
     46        https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential.
     47
     48        * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
     49
    1502019-12-10  Chris Dumez  <cdumez@apple.com>
    251
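Review bot: the ChangeLog entry has three typos to fix before landing: "needs to interacts" (line 13), "the number of retires" (line 24) and "The above three error" (line 38). The sentence "Otherwise, the completion handler will bail out" (line 28) describes a length check on the returned PIN, but the only source file listed at line 48 is the header, so the entry should say whether that check exists yet or arrives in a follow-up. The file line "* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:" also has no per-file summary after the colon.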
  • trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h

    r251762 r253366  
    4343    _WKWebAuthenticationPanelUpdateMultipleNFCTagsPresent,
    4444    _WKWebAuthenticationPanelUpdateNoCredentialsFound,
     45    _WKWebAuthenticationPanelUpdatePINBlocked,
     46    _WKWebAuthenticationPanelUpdatePINAuthBlocked,
     47    _WKWebAuthenticationPanelUpdatePINInvalid,
    4548} WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
    4649
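Review bot: the three values added at new lines 45-47 carry no comments, so the distinction a UI client has to act on is recorded only in the ChangeLog. Per that entry, _WKWebAuthenticationPanelUpdatePINBlocked requires a factory reset, _WKWebAuthenticationPanelUpdatePINAuthBlocked requires reconnecting the authenticator, and _WKWebAuthenticationPanelUpdatePINInvalid is normally followed by another PIN request. A one-line comment beside each value would keep clients from treating the unrecoverable state like an ordinary wrong-PIN retry.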
     
    6669- (void)panel:(_WKWebAuthenticationPanel *)panel updateWebAuthenticationPanel:(_WKWebAuthenticationPanelUpdate)update WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
    6770- (void)panel:(_WKWebAuthenticationPanel *)panel dismissWebAuthenticationPanelWithResult:(_WKWebAuthenticationResult)result WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
     71- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
    6872
    6973@end
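Review bot: the requestPINWithRetries:completionHandler: declaration at new line 71 does not state its contract in the header. The ChangeLog says the handler expects a byte array of at most 63 bytes and bails out otherwise, but nothing here tells a UI client that limit, what encoding the NSData should hold, or what to pass when the user cancels the prompt. Please add a comment covering those cases and a nullability annotation on the NSData * parameter, and document that retries counts the attempts left before the authenticator becomes blocked so clients can warn at a threshold.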