From bdcb938b242ff8b7a9ec74f1afdfcc54a14cc3c1 Mon Sep 17 00:00:00 2001
From: Emil Lundberg
Date: Tue, 1 Oct 2024 16:26:16 +0200
Subject: [PATCH] Don't return an algorithm from [[DiscoverFromExternalSource]]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This initialization of |settings| and |global| is copied from the equivalent steps of [§2.5.4. Create a Credential][1] in CredMan, which sets the arguments used to invoke the |constructCredentialAlg| in WebAuthn's [[Create]]:

>Let |settings| be the [current settings object][2].
>
>Assert: |settings| is a [secure context][3].
>
>Let |global| be |settings|’ [global object][4].

[1]: https://w3c.github.io/webappsec-credential-management/#algorithm-create
[2]: https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object
[3]: https://html.spec.whatwg.org/multipage/webappapis.html#secure-context
[4]: https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-global
---
 index.bs | 57 +++++++++++++++++++++++++++------------------------------
 1 file changed, 27 insertions(+), 30 deletions(-)

diff --git a/index.bs b/index.bs
index 0db3e9d0a..e9d51768a 100644
--- a/index.bs
+++ b/index.bs
@@ -2636,49 +2636,46 @@ When this method is invoked, the user agent MUST execute the following algorithm 1. If |credentialIdFilter| [=list/is empty=] and [=userHandleResult=] is null, [=continue=]. - 1. Let |constructAssertionAlg| be an algorithm that takes a [=global object=] - |global|, and whose steps are: + 1. Let |settings| be the [=current settings object=]. Let |global| be |settings|’ [=global object=]. - 1. Let |pubKeyCred| be a new {{PublicKeyCredential}} object associated with |global| whose fields are: + 1. Let |pubKeyCred| be a new {{PublicKeyCredential}} object associated with |global| whose fields are: - : {{PublicKeyCredential/[[identifier]]}} - :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=credentialIdResult=]. - - : {{PublicKeyCredential/authenticatorAttachment}} - :: The {{AuthenticatorAttachment}} value matching the current [=authenticator attachment modality=] of |authenticator|. + : {{PublicKeyCredential/[[identifier]]}} + :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of + |assertionCreationData|.[=credentialIdResult=]. - : {{PublicKeyCredential/response}} - :: A new {{AuthenticatorAssertionResponse}} object associated with |global| whose fields are: + : {{PublicKeyCredential/authenticatorAttachment}} + :: The {{AuthenticatorAttachment}} value matching the current [=authenticator attachment modality=] of |authenticator|. - : {{AuthenticatorResponse/clientDataJSON}} - :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=assertionCreationData/clientDataJSONResult=]. - - : {{AuthenticatorAssertionResponse/authenticatorData}} - :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=assertionCreationData/authenticatorDataResult=]. 
+ : {{PublicKeyCredential/response}} + :: A new {{AuthenticatorAssertionResponse}} object associated with |global| whose fields are: - : {{AuthenticatorAssertionResponse/signature}} - :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=assertionCreationData/signatureResult=]. + : {{AuthenticatorResponse/clientDataJSON}} + :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of + |assertionCreationData|.[=assertionCreationData/clientDataJSONResult=]. - : {{AuthenticatorAssertionResponse/userHandle}} - :: If |assertionCreationData|.[=assertionCreationData/userHandleResult=] is null, set this - field to null. Otherwise, set this field to a new {{ArrayBuffer}}, created using |global|'s - [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=assertionCreationData/userHandleResult=]. + : {{AuthenticatorAssertionResponse/authenticatorData}} + :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of + |assertionCreationData|.[=assertionCreationData/authenticatorDataResult=]. - : {{PublicKeyCredential/[[clientExtensionsResults]]}} + : {{AuthenticatorAssertionResponse/signature}} :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of - |assertionCreationData|.[=assertionCreationData/clientExtensionResults=]. + |assertionCreationData|.[=assertionCreationData/signatureResult=]. + + : {{AuthenticatorAssertionResponse/userHandle}} + :: If |assertionCreationData|.[=assertionCreationData/userHandleResult=] is null, set this + field to null. Otherwise, set this field to a new {{ArrayBuffer}}, created using |global|'s + [=%ArrayBuffer%=], containing the bytes of + |assertionCreationData|.[=assertionCreationData/userHandleResult=]. - 1. Return |pubKeyCred|. 
+ : {{PublicKeyCredential/[[clientExtensionsResults]]}} + :: A new {{ArrayBuffer}}, created using |global|'s [=%ArrayBuffer%=], containing the bytes of + |assertionCreationData|.[=assertionCreationData/clientExtensionResults=]. 1. [=set/For each=] remaining |authenticator| in |issuedRequests| invoke the [=authenticatorCancel=] operation on |authenticator| and [=set/remove=] it from |issuedRequests|. - 1. Return |constructAssertionAlg| and terminate this algorithm. + 1. Return |pubKeyCred| and terminate this algorithm. 1. Throw a "{{NotAllowedError}}" {{DOMException}}.
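Review bot: The added step "Let |settings| be the [=current settings object=]. Let |global| be |settings|’ [=global object=]." leaves out the "Assert: |settings| is a secure context" step that the commit message quotes from CredMan between those two statements. Either add the assert as its own step here, or say in the commit message why it is not needed at this point. The removed |constructAssertionAlg| took |global| as a parameter from its caller, while the new text derives it inside this algorithm, so it is worth confirming that both resolve to the same global object for the {{ArrayBuffer}} and {{PublicKeyCredential}} instances created below. As a style point, split the two "Let" statements into separate numbered steps and use the ASCII apostrophe, as in |global|'s on the neighbouring lines.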