237454 – [WebAuthn] Provide [ASCAgent performAutoFillAuthorizationRequestsForContext] SPI with frameID

Bug 237454 - [WebAuthn] Provide [ASCAgent performAutoFillAuthorizationRequestsForContext] SPI with frameID

Summary: [WebAuthn] Provide [ASCAgent performAutoFillAuthorizationRequestsForContext] ...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	pascoe@apple.com

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-03-03 15:49 PST by pascoe@apple.com
Modified:	2022-03-07 09:38 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Patch (4.52 KB, patch) 2022-03-03 17:31 PST, pascoe@apple.com	no flags	Details \| Formatted Diff \| Diff
Patch for landing (9.83 KB, patch) 2022-03-04 16:10 PST, pascoe@apple.com	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description pascoe@apple.com 2022-03-03 15:49:51 PST

For conditional mediation support, [ASCAgent performAutoFillAuthorizationRequestsForContext] needs to be able to determine which frame the request came from to properly show results.

Comment 1 Radar WebKit Bug Importer 2022-03-03 15:50:01 PST

<rdar://problem/89782147>

Comment 2 pascoe@apple.com 2022-03-03 17:31:40 PST

Created attachment 453802 [details]
Patch

Comment 3 Brent Fulgham 2022-03-04 11:58:29 PST

Comment on attachment 453802 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=453802&action=review

r=me, but I think the SPI might benefit from some tweaks.

> Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:255
> +@property (nonatomic, nullable, copy) NSNumber *webFrameID;

Nit: Given that GlobalFrameIdentifier is a struct that holds a pageID and a frameID, I wonder if this SPI would have been better designed using a similar struct.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:239
> +static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options, Vector<uint8_t> hash, std::optional<WebCore::MediationRequirement> mediation, std::optional<WebCore::GlobalFrameIdentifier> frameID)

Nit: I suggest 'globalFrameID' (rather than frameID) to distinguish between the "frame-only" ID used in some code, versus this pair of frame and page.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:265
> +    if (frameID && [requestContext respondsToSelector:@selector(setWebFrameID:)] && [requestContext respondsToSelector:@selector(setWebPageID:)]) {

It would be nice to remember to remove these 'respondsToSelector' checks in the future, as they do incur a cost. I also wonder if it's ever possible for a version of the OS that responds to 'setWebFrameID' wouldn't also respond to 'setWebPageID'.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:309
> +        result = configurationAssertionRequestContext(options, requestData.hash, requestData.mediation, requestData.frameID);

I really dislike the 'frameID' accessor for this GlobalFrameID (which is a pair of Page/Frame). But that's not due to this change.

Comment 4 pascoe@apple.com 2022-03-04 16:10:36 PST

Created attachment 453878 [details]
Patch for landing

Comment 5 EWS 2022-03-07 09:38:18 PST

Committed r290893 (248124@main): <https://commits.webkit.org/248124@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 453878 [details].