Bug 233216

Summary: [WebAuthn] Add SPI for makeCredential / getAssertion using clientDataHash
Product: WebKit Reporter: j_pascoe <j_pascoe>
Component: WebKit Misc.Assignee: j_pascoe <j_pascoe>
Severity: Normal CC: bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 233371    
Description Flags
ews-feeder: commit-queue-
Patch none

Description j_pascoe@apple.com 2021-11-16 14:46:15 PST
In order to avoid needing to make and coordinate changes to ASC to support new fields or changes within ClientDataJSON and to maintain a single source of truth, calls to ASC from WebKit will contain a precomputed ClientDataHash.

This will especially be relevant if we choose to support Secure Payment Confirmation (SPC), which involves extending ClientDataJSON with payment related fields not relevant to AuthenticationServices (https://www.w3.org/TR/2021/WD-secure-payment-confirmation-20210831/#dictdef-collectedclientpaymentdata).
Comment 1 Radar WebKit Bug Importer 2021-11-16 14:47:40 PST
Comment 2 j_pascoe@apple.com 2021-11-16 15:34:28 PST
Created attachment 444443 [details]
Comment 3 j_pascoe@apple.com 2021-11-16 16:21:12 PST
Created attachment 444447 [details]
Comment 4 Brent Fulgham 2021-11-17 15:04:33 PST
Comment on attachment 444447 [details]

Comment 5 EWS 2021-11-17 16:10:08 PST
Committed r285965 (244365@main): <https://commits.webkit.org/244365@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444447 [details].