[Webkit-unassigned] [Bug 232977] _WKWebAuthenticationPanel should expose a way to encode CTAP commands
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Nov 12 08:28:37 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=232977
--- Comment #8 from j_pascoe at apple.com <j_pascoe at apple.com> ---
(In reply to j_pascoe at apple.com from comment #4)
> Comment on attachment 444012 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=444012&action=review
>
> > Source/WebKit/UIProcess/API/Cocoa/_WKWebAuthenticationPanel.mm:644
> > ++ (NSData *)encodeMakeCredentialCommandWithClientDataJSON:(NSData *)clientDataJSON options:(_WKPublicKeyCredentialCreationOptions *)options userVerificationAvailability:(_WKWebAuthenticationUserVerificationAvailability)userVerificationAvailability
>
> Could we just take in the hash on these? Trying to cut down on the amount of
> times we generate clientDataJSON.
>
> In web flows, it's originally calculated from CredentialsContainer.cpp:92 ->
> AuthenticatorCoordinator.cpp:246 (client data json generated here and hash
> passed along) -> WebAuthenticatorCoordinator.cpp:100 and then the hash gets
> ignored in the new WebAuthenticatorCoordinatorProxy::getAssertion instead of
> being passed along to ASC agent only to be regenerated later in a call to
> getAssertionWithChallenge.
Any reason we can't do this?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20211112/ffd65a2c/attachment.htm>
More information about the webkit-unassigned
mailing list