Add a WebDriver Virtual Authenticator extension #1256
Conversation
Commit the editorial suggestions Co-Authored-By: =JeffH <jdhodges@google.com>
Apply trivial changes Co-Authored-By: =JeffH <jdhodges@google.com>
Add the `RemoveVirtualAuthenticator` command to ChromeDriver. A draft of the proposed addition to the specification is available at w3c/webauthn#1256 This is one in a series of patches intended to create a Testing API for WebAuthn, for use in Web Platform Tests and by external webauthn tests. For an overview of overall design, please see https://docs.google.com/document/d/1bp2cMgjm2HSpvL9-WsJoIQMsBi1oKGQY6CvWD-9WmIQ/edit?usp=sharing Bug: 922572 Change-Id: I5b6094cc5eb9a52afc8ee89d548c3452a728b1fe Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1713301 Auto-Submit: Nina Satragno <nsatragno@chromium.org> Commit-Queue: John Chen <johnchen@chromium.org> Reviewed-by: John Chen <johnchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#679727}
Add the `AddCredential` command to ChromeDriver. A draft of the proposed addition to the specification is available at w3c/webauthn#1256 This is one in a series of patches intended to create a Testing API for WebAuthn, for use in Web Platform Tests and by external webauthn tests. For an overview of overall design, please see https://docs.google.com/document/d/1bp2cMgjm2HSpvL9-WsJoIQMsBi1oKGQY6CvWD-9WmIQ/edit?usp=sharing Bug: 922572 Change-Id: Id9b9fb75ab6682126d5d1275b12785640b7f0053 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1729963 Commit-Queue: Nina Satragno <nsatragno@chromium.org> Auto-Submit: Nina Satragno <nsatragno@chromium.org> Reviewed-by: John Chen <johnchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#683364}
Add the `AddCredential` command to ChromeDriver. A draft of the proposed addition to the specification is available at w3c/webauthn#1256 This is one in a series of patches intended to create a Testing API for WebAuthn, for use in Web Platform Tests and by external webauthn tests. For an overview of overall design, please see https://docs.google.com/document/d/1bp2cMgjm2HSpvL9-WsJoIQMsBi1oKGQY6CvWD-9WmIQ/edit?usp=sharing Bug: 922572 Change-Id: Id9b9fb75ab6682126d5d1275b12785640b7f0053 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1729963 Commit-Queue: Nina Satragno <nsatragno@chromium.org> Auto-Submit: Nina Satragno <nsatragno@chromium.org> Reviewed-by: John Chen <johnchen@chromium.org> Cr-Commit-Position: refs/heads/master@{#683364}
|
Note: I've asked @AutomatedTester to do a review pass here from the Mozilla side. |
|
|
||
| The [=remote end steps=] are: | ||
|
|
||
| 1. If |authenticatorId| does not match any [=Virtual Authenticator=] stored in the [=Virtual Authenticator |
There was a problem hiding this comment.
Since we are deleting it, if it is not there does it really matter is what I mean. If you feel it does matter then leave it in.
|
|
||
| The [=remote end steps=] are: | ||
|
|
||
| 1. If |authenticatorId| does not match any [=Virtual Authenticator=] stored in the [=Virtual Authenticator |
There was a problem hiding this comment.
Do we really need to error here when there are not items that match. Can't we just try do the right thing and if not just go meh?
There was a problem hiding this comment.
What do you mean exactly? If the authenticatorId doesn't match, just don't do anything and return success? If that's the case, that would potentially be a source of confusion for developers that's easily avoided by returning an error... the UA has to check for the existance of the authenticator anyway. Maybe I'm misunderstanding you?
There was a problem hiding this comment.
Since we are deleting it, if it is not there does it really matter is what I mean. If you feel it does matter then leave it in.
There was a problem hiding this comment.
I think it does matter. The most likely scenario for trying to delete something that is not there is a developer oversight. Catching that early means less headaches. And if say a library wanted that functionality, they could catch the error and pretend nothing happened.
There was a problem hiding this comment.
This and the above conversation can be set as resolved now?
|
|
||
| The [=remote end steps=] are: | ||
|
|
||
| 1. If |authenticatorId| does not match any [=Virtual Authenticator=] stored in the [=Virtual Authenticator |
There was a problem hiding this comment.
What do you mean exactly? If the authenticatorId doesn't match, just don't do anything and return success? If that's the case, that would potentially be a source of confusion for developers that's easily avoided by returning an error... the UA has to check for the existance of the authenticator anyway. Maybe I'm misunderstanding you?
|
Just a question @nsatragno: In the algorithm for adding a Virtual Authenticator, we emit a WebDriver error when the parameter doesn't have a valid value. If, for example, a browser initially only supported |
To clarify, I think the WebDriver implementation for WebAuthn could be used then for FIDO U2F's JS API, which would let us write Web Platform Tests for U2F. Which I want to get, if at all possible. Other than this question, I am ready to grant this review from the Mozilla side. |
There was a problem hiding this comment.
If, for example, a browser initially only supported protocol being ctap1/u2f, would emitting a WebDriver error for all other protocols (e.g. ctap2) permit the relevant tests to continue on, or is such an error fatal?
To clarify, I think the WebDriver implementation for WebAuthn could be used then for FIDO U2F's JS API, which would let us write Web Platform Tests for U2F. Which I want to get, if at all possible.
If the browser only supports a subset of the protocols, tests that create authenticators using that subset should work. For example, browsers could first support ctap1/u2f to pass the U2F API WPTs and add support for ctap2 later.
Perhaps we can add a clarification to the spec as an additional step under the AddVirtualAuthenticator algo like
1. If the |parameters|' |protocol| property is not supported by the user agent,
return a [=WebDriver error=] with [=WebDriver error code=] [=invalid argument=].
So yes, this API would let us write tests for the U2F JS API, too :)
What do you think?
|
|
||
| The [=remote end steps=] are: | ||
|
|
||
| 1. If |authenticatorId| does not match any [=Virtual Authenticator=] stored in the [=Virtual Authenticator |
There was a problem hiding this comment.
I think it does matter. The most likely scenario for trying to delete something that is not there is a developer oversight. Catching that early means less headaches. And if say a library wanted that functionality, they could catch the error and pretend nothing happened.
I think I hit 'approve' :) |
|
Hi @nsatragno -- IIUC, your answer to @jcjones in #1256 (review) implies that returning a webdriver error does not necessarily halt a testing run, correct? Also, IIUC, you have not as yet added the step proposed in #1256 (review) to the AddVirtualAuthenticator algo. Is @jcjones' appoval contingent on that being added? HTH, equalsJeffH |
|
The clarification doesn't sound normative to me, but I'd be happy to wait until it is available before merging rather than worrying about it more in the future. |
|
help |
|
Lets discuss it next week in TPAC where more Edge folks will be present and can review it more thoroughly. |
This change introduces a WebDriver Extension that lets clients create and manipulate virtual authenticators. This API can be used by web developers to write tests against the WebAuthn API and it's also possible to leverage it on WPTs through testdriver.js. Being able to instantiate virtual authenticators on WPTs would be a major step towards enabling testing a larger surface area of the API across multiple browsers.
Fixes #1236
Preview | Diff