[Webkit-unassigned] [Bug 232977] _WKWebAuthenticationPanel should expose a way to encode CTAP commands

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 11 16:00:10 PST 2021


j_pascoe at apple.com <j_pascoe at apple.com> changed:

           What    |Removed                     |Added
                 CC|                            |j_pascoe at apple.com

--- Comment #4 from j_pascoe at apple.com <j_pascoe at apple.com> ---
Comment on attachment 444012
  --> https://bugs.webkit.org/attachment.cgi?id=444012

View in context: https://bugs.webkit.org/attachment.cgi?id=444012&action=review

> Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:644
> ++ (NSData *)encodeMakeCredentialCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability

Could we just take in the hash on these? Trying to cut down on the amount of times we generate clientDataJSON.

In web flows, it's originally calculated from CredentialsContainer.cpp:92 -> AuthenticatorCoordinator.cpp:246 (client data json generated here and hash passed along) -> WebAuthenticatorCoordinator.cpp:100 and then the hash gets ignored in the new WebAuthenticatorCoordinatorProxy::getAssertion instead of being passed along to ASC agent only to be regenerated later in a call to getAssertionWithChallenge.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211112/5e746921/attachment.htm>

More information about the webkit-unassigned mailing list