In order to support autofill scenarios, we need to provide a method that allows a user to silently discover the existence of credentials.
Some considerations on the design:
- should we allow cross-origin requests (probably specific to credential type)? Is that even meaningful?
- what data should we return?
Prior art
WebAuthn
DiscoverableCredentialMetadata includes the following fields:
{
    "type": "public-key",
    "id": "credentialID",
    "rpId": "example.com",
    "userHandle": "abcdefghi1n",
    "otherUI": ??
}
Android
I have no idea how Android allows browsers to do credential discovery.
docs
Apple
Browser API:
platformCredentials(
    forRelyingParty relyingParty: String
) async -> [ASAuthorizationWebBrowserPlatformPublicKeyCredential]

struct ASAuthorizationWebBrowserPlatformPublicKeyCredential {
    /// A string the person can supply to describe this credential.
    let customTitle: String
    /// The user name for the account associated with this credential.
    let name: String
    /// The name of the app that manages this credential, or “iCloud Keychain” if it’s the operating system.
    let providerName: String
    /// The relying party that issues challenges for this credential.
    let relyingParty: String
    /// A unique identifier for the user account at the relying party.
    let userHandle: Data
    /// The identifier the operating system uses for this credential.
    let credentialID: Data
}
Returns metadata for passkey. Returns credential ID, RP ID, user ID, user name and provider name.
Credential provider side:
ASCredentialProviderViewController.prepareCredentialList(
    for: [ASCredentialServiceIdentifier],
    requestParameters: ASPasskeyCredentialRequestParameters
)
Receives a list of "service identifiers" (URL, domain or app ID), which the credential provider should use to pull up a list of for display.
Windows
typedef struct _WEBAUTHN_CREDENTIAL_DETAILS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;
    // Size of pbCredentialID.
    DWORD cbCredentialID;
    _Field_size_bytes_(cbCredentialID)
    PBYTE pbCredentialID;
    // RP Info
    PWEBAUTHN_RP_ENTITY_INFORMATION pRpInformation;
    // User Info
    PWEBAUTHN_USER_ENTITY_INFORMATION pUserInformation;
    // Removable or not.
    BOOL bRemovable;
    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_2
    //
    // Backed Up or not.
    BOOL bBackedUp;
    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_3
    //
    PCWSTR pwszAuthenticatorName;
    // The logo is expected to be in the svg format
    DWORD cbAuthenticatorLogo;
    _Field_size_bytes_(cbAuthenticatorLogo)
    PBYTE pbAuthenticatorLogo;
    // ThirdPartyPayment Credential or not.
    BOOL bThirdPartyPayment;
    //
    // The following fields have been added in WEBAUTHN_CREDENTIAL_DETAILS_VERSION_4
    //
    // Applicable Transports
    DWORD dwTransports;
} WEBAUTHN_CREDENTIAL_DETAILS, *PWEBAUTHN_CREDENTIAL_DETAILS;
typedef const WEBAUTHN_CREDENTIAL_DETAILS *PCWEBAUTHN_CREDENTIAL_DETAILS;

typedef struct _WEBAUTHN_GET_CREDENTIALS_OPTIONS {
    // Version of this structure, to allow for modifications in the future.
    DWORD dwVersion;
    // Optional.
    LPCWSTR pwszRpId;
    // Optional. BrowserInPrivate Mode. Defaulting to FALSE.
    BOOL bBrowserInPrivateMode;
} WEBAUTHN_GET_CREDENTIALS_OPTIONS, *PWEBAUTHN_GET_CREDENTIALS_OPTIONS;
typedef const WEBAUTHN_GET_CREDENTIALS_OPTIONS *PCWEBAUTHN_GET_CREDENTIALS_OPTIONS;

HRESULT
WINAPI
WebAuthNGetPlatformCredentialList(
    _In_ PCWEBAUTHN_GET_CREDENTIALS_OPTIONS pGetCredentialsOptions,
    _Outptr_result_maybenull_ PWEBAUTHN_CREDENTIAL_DETAILS_LIST *ppCredentialDetailsList);
Allows retrieving credential metadata by RP ID, with flag for browser private mode. Returns credential ID, RP ID, user ID and other information.
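One possible answer to the cross-origin and returned-data questions above, as an added example that is not part of the issue or of any platform API: a silent discovery call that only answers for an RP ID the calling origin is entitled to claim under the WebAuthn RP ID rule, and that returns only the DiscoverableCredentialMetadata fields. `discoverCredentials`, `rpIdAllowedForOrigin`, `PUBLIC_SUFFIXES` and `STORE` are hypothetical names, and the three-entry suffix set is a constructed stand-in for the full Public Suffix List.

```javascript
// Added example; every name below is hypothetical, not a platform API.

// Constructed stand-in for the Public Suffix List. Real code must use the full PSL.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// WebAuthn RP ID rule: the RP ID must equal the caller's host or be a
// registrable domain suffix of it, and never a bare public suffix.
// Assumption: this example accepts https origins only.
function rpIdAllowedForOrigin(rpId, origin) {
  const url = new URL(origin);
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  const id = rpId.toLowerCase();
  if (PUBLIC_SUFFIXES.has(id)) return false;
  // The leading dot stops "notexample.com" from matching "example.com".
  return host === id || host.endsWith("." + id);
}

// Constructed sample store, using the DiscoverableCredentialMetadata fields
// plus one display field that is deliberately not returned.
const STORE = [
  { type: "public-key", id: "cred-1", rpId: "example.com", userHandle: "u1", name: "alice" },
  { type: "public-key", id: "cred-2", rpId: "login.example.com", userHandle: "u2", name: "bob" },
  { type: "public-key", id: "cred-3", rpId: "other.org", userHandle: "u3", name: "carol" },
];

// A refused query returns the same empty list as "no credentials", so a caller
// cannot use the call to learn which other sites the user has accounts on.
function discoverCredentials(store, callerOrigin, requestedRpId) {
  if (!rpIdAllowedForOrigin(requestedRpId, callerOrigin)) return [];
  return store
    .filter((c) => c.rpId === requestedRpId.toLowerCase())
    .map(({ type, id, rpId, userHandle }) => ({ type, id, rpId, userHandle }));
}
```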