|Summary:||[WebAuthn] WebKitTestRunner lacks an entitlement and bundle identifier to use required [ASCAgent performAuthorizationRequestsForContext]|
|Component:||WebKit Misc.||Assignee:||j_pascoe <j_pascoe>|
|Severity:||Normal||CC:||ap, bfulgham, ews-watchlist, jiewen_tan, j_pascoe, webkit-bug-importer|
|Version:||WebKit Nightly Build|
Description firstname.lastname@example.org 2021-11-08 13:32:03 PST
WebKitTestRunner needs the "com.apple.authentication-services.allow-authentication-request-any-rpid" entitlement to make calls to [ASCAgent performAuthorizationRequestsForContext]
Comment 3 Alexey Proskuryakov 2021-11-08 15:06:09 PST
Comment on attachment 443597 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=443597&action=review > Tools/ChangeLog:10 > + WebKitTestRunner needs the "com.apple.authentication-services.allow-authentication-request-any-rpid" entitlement > + to make calls to [ASCAgent performAuthorizationRequestsForContext] I don't think that this can work in open source builds, being a restricted entitlement. If it could, then it would be of no value, as anyone could have it. Am I missing something?
Comment 4 email@example.com 2021-11-08 15:32:52 PST
Yes, you're right, we would need to possibly do this in process-entitlements.sh
Comment 5 Brent Fulgham 2021-11-08 17:45:33 PST
I think we should adjust the case so that restricted entitlement is not necessary.
Comment 6 firstname.lastname@example.org 2021-11-10 15:52:43 PST
We can add an associated domain entitlement to WKTR and TWAPI in order to enable these tests against ASCAgent without a restricted entitlement, however it requires placing .well-known/apple-app-site-association on the associated domain with the <Application Identifier Prefix>.<Bundle Identifier> of WKTR/TWAPI, therefore who's doing the code signing would still matter.
Comment 8 Brent Fulgham 2021-11-16 07:57:46 PST
Comment on attachment 444278 [details] Patch r=me. Looks like a good solution!