Title: [253366] trunk/Source/WebKit
- Revision
- 253366
- Author
- jiewen_...@apple.com
- Date
- 2019-12-11 03:07:45 -0800 (Wed, 11 Dec 2019)
Log Message
[WebAuthn] Implement dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support
https://bugs.webkit.org/show_bug.cgi?id=205100
<rdar://problem/57822953>
Reviewed by Brent Fulgham.
This patch implements dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support.
CTAP PIN is a way for authenticators to be able to do user verification by asking
clients/users for a pre-set PIN. Here is the spec:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorClientPIN
In order to support this, WebKit needs to interacts with UIClients to ask users
to enter the PINs. Therefore, a new set of SPI is needed.
Here is the proposed SPI for WebKit to ask Safari for the PIN:
@protocol _WKWebAuthenticationPanelDelegate <NSObject>
@optional
...
- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
...
@end
Retries is the number of retires before the authenticator getting blocked, which
is a state that only factory reset can save the authenticator. UIClients can have
a threshold and WARN users loudly when the threshold is reached.
A byte array that is less than or equal to 63 bytes is expected to return to the
passed completion handler. Otherwise, the completion handler will bail out.
For error handling:
typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelUpdate) {
...
_WKWebAuthenticationPanelUpdatePINBlocked,
_WKWebAuthenticationPanelUpdatePINAuthBlocked,
_WKWebAuthenticationPanelUpdatePINInvalid,
} WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
The above three error will be passed to UIClients via updateWebAuthenticationPanel SPI.
_WKWebAuthenticationPanelUpdatePINBlocked means the authenticator is dead. A factory
reset is needed.
_WKWebAuthenticationPanelUpdatePINAuthBlocked means 3 consecutive mismatches. The
authenticator will need to be reconnected.
_WKWebAuthenticationPanelUpdatePINInvalid means a wrong PIN is provided. This will
often be followed with another requestPINWithRetries delegate call.
Here is the spec for the error:
https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential.
* UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (253365 => 253366)
--- trunk/Source/WebKit/ChangeLog 2019-12-11 09:48:01 UTC (rev 253365)
+++ trunk/Source/WebKit/ChangeLog 2019-12-11 11:07:45 UTC (rev 253366)
@@ -1,3 +1,52 @@
+2019-12-11 Jiewen Tan <jiewen_...@apple.com>
+
+ [WebAuthn] Implement dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support
+ https://bugs.webkit.org/show_bug.cgi?id=205100
+ <rdar://problem/57822953>
+
+ Reviewed by Brent Fulgham.
+
+ This patch implements dummy _WKWebAuthenticationPanel SPIs for CTAP PIN support.
+ CTAP PIN is a way for authenticators to be able to do user verification by asking
+ clients/users for a pre-set PIN. Here is the spec:
+ https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#authenticatorClientPIN
+ In order to support this, WebKit needs to interacts with UIClients to ask users
+ to enter the PINs. Therefore, a new set of SPI is needed.
+
+ Here is the proposed SPI for WebKit to ask Safari for the PIN:
+ @protocol _WKWebAuthenticationPanelDelegate <NSObject>
+ @optional
+ ...
+ - (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+ ...
+ @end
+
+ Retries is the number of retires before the authenticator getting blocked, which
+ is a state that only factory reset can save the authenticator. UIClients can have
+ a threshold and WARN users loudly when the threshold is reached.
+ A byte array that is less than or equal to 63 bytes is expected to return to the
+ passed completion handler. Otherwise, the completion handler will bail out.
+
+ For error handling:
+ typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelUpdate) {
+ ...
+ _WKWebAuthenticationPanelUpdatePINBlocked,
+ _WKWebAuthenticationPanelUpdatePINAuthBlocked,
+ _WKWebAuthenticationPanelUpdatePINInvalid,
+ } WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
+ The above three error will be passed to UIClients via updateWebAuthenticationPanel SPI.
+ _WKWebAuthenticationPanelUpdatePINBlocked means the authenticator is dead. A factory
+ reset is needed.
+ _WKWebAuthenticationPanelUpdatePINAuthBlocked means 3 consecutive mismatches. The
+ authenticator will need to be reconnected.
+ _WKWebAuthenticationPanelUpdatePINInvalid means a wrong PIN is provided. This will
+ often be followed with another requestPINWithRetries delegate call.
+ Here is the spec for the error:
+ https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#using-pinToken-in-authenticatorMakeCredential.
+
+ * UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h:
+
2019-12-10 Chris Dumez <cdu...@apple.com>
[macOS] Issue load sooner on swipe back/forward navigation
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h (253365 => 253366)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2019-12-11 09:48:01 UTC (rev 253365)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.h 2019-12-11 11:07:45 UTC (rev 253366)
@@ -42,6 +42,9 @@
typedef NS_ENUM(NSInteger, _WKWebAuthenticationPanelUpdate) {
_WKWebAuthenticationPanelUpdateMultipleNFCTagsPresent,
_WKWebAuthenticationPanelUpdateNoCredentialsFound,
+ _WKWebAuthenticationPanelUpdatePINBlocked,
+ _WKWebAuthenticationPanelUpdatePINAuthBlocked,
+ _WKWebAuthenticationPanelUpdatePINInvalid,
} WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
typedef NS_ENUM(NSInteger, _WKWebAuthenticationResult) {
@@ -65,6 +68,7 @@
- (void)panel:(_WKWebAuthenticationPanel *)panel updateWebAuthenticationPanel:(_WKWebAuthenticationPanelUpdate)update WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
- (void)panel:(_WKWebAuthenticationPanel *)panel dismissWebAuthenticationPanelWithResult:(_WKWebAuthenticationResult)result WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (void)panel:(_WKWebAuthenticationPanel *)panel requestPINWithRetries:(NSUInteger)retries completionHandler:(void (^)(NSData *))completionHandler WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
@end
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes