Summary: | [WebAuthn] WebKitTestRunner lacks an entitlement and bundle identifier to use required [ASCAgent performAuthorizationRequestsForContext] | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | pascoe <pascoe> | ||||||
Component: | WebKit Misc. | Assignee: | pascoe <pascoe> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | ap, bfulgham, ews-watchlist, jiewen_tan, pascoe, webkit-bug-importer | ||||||
Priority: | P1 | Keywords: | InRadar | ||||||
Version: | WebKit Nightly Build | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
pascoe@apple.com
2021-11-08 13:32:03 PST
Created attachment 443597 [details]
Patch
Comment on attachment 443597 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=443597&action=review > Tools/ChangeLog:10 > + WebKitTestRunner needs the "com.apple.authentication-services.allow-authentication-request-any-rpid" entitlement > + to make calls to [ASCAgent performAuthorizationRequestsForContext] I don't think that this can work in open source builds, being a restricted entitlement. If it could, then it would be of no value, as anyone could have it. Am I missing something? Yes, you're right, we would need to possibly do this in process-entitlements.sh I think we should adjust the case so that restricted entitlement is not necessary. We can add an associated domain entitlement to WKTR and TWAPI in order to enable these tests against ASCAgent without a restricted entitlement, however it requires placing .well-known/apple-app-site-association on the associated domain with the <Application Identifier Prefix>.<Bundle Identifier> of WKTR/TWAPI, therefore who's doing the code signing would still matter. Created attachment 444278 [details]
Patch
Comment on attachment 444278 [details]
Patch
r=me. Looks like a good solution!
Committed r285864 (244290@main): <https://commits.webkit.org/244290@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444278 [details]. |