Skip to content

Commit

Permalink
Merge pull request #1923 from w3c/tc-clientfeatmethod
Browse files Browse the repository at this point in the history
Add new getClientCapabilities method
  • Loading branch information
MasterKale authored Jan 10, 2024
2 parents a83c764 + ef54380 commit 80b478c
Showing 1 changed file with 54 additions and 10 deletions.
64 changes: 54 additions & 10 deletions index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -2793,25 +2793,32 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic

</div>

### Availability of a [=passkey platform authenticator=] - PublicKeyCredential's `isPasskeyPlatformAuthenticatorAvailable()` Method ### {#sctn-isPasskeyPlatformAuthenticatorAvailable}
### Availability of [=client=] capabilities - PublicKeyCredential's `getClientCapabilities()` Method ### {#sctn-getClientCapabilities}

<div link-for-hint="WebAuthentication/isPasskeyPlatformAuthenticatorAvailable">
<div link-for-hint="WebAuthentication/getClientCapabilities">

[=[WRPS]=] use this method to determine whether they can create a new [=passkey=] using a [=user-verifying platform authenticator=] or a {{AuthenticatorTransport/hybrid}} authenticator.
Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover available [=user-verifying platform authenticators=] and the
availability of {{AuthenticatorTransport/hybrid}} transport.
If one or both are discovered, the promise is resolved with the value of [TRUE].
If neither is discovered, the promise is resolved with the value of [FALSE].
Based on the result, the [=[RP]=] can take further actions to guide the user to create a [=passkey=].
[=[WRPS]=] use this method to determine the availability of a limited set of [=WebAuthn Client|client=] capabilities to offer certain workflows and experiences to users. For example, an RP may offer a sign in button on clients where only {{AuthenticatorTransport/hybrid}} transport is available or where {{CredentialMediationRequirement/conditional}} mediation is unavailable (instead of showing a username field).

This method has no arguments and returns a Boolean value.
Upon invocation, the [=client=] employs a [=client platform=]-specific procedure to discover availablity of these capabilities.

This method has no arguments and returns a record of capability keys to Boolean values.

<xmp class="idl">
partial interface PublicKeyCredential {
static Promise<boolean> isPasskeyPlatformAuthenticatorAvailable();
static Promise<PublicKeyCredentialClientCapabilities> getClientCapabilities();
};

typedef record<DOMString, boolean> PublicKeyCredentialClientCapabilities;
</xmp>

[=map/Keys=] in {{PublicKeyCredentialClientCapabilities}} MUST be sorted in ascending lexicographical order.
The set of [=map/keys=] SHOULD equal the set of [=enumeration values=] of {{ClientCapability}},
but the client MAY omit keys as it deems necessary; see [[#sctn-disclosing-client-capabilities]].

When the value for a given capability is [TRUE], the feature is known to be currently supported by the client.
When the value for a given capability is [FALSE], the feature is known to be not currently supported by the client.
When a capability does not [=map/exist=] as a key, the availability of the client feature is not known.

Note: Invoking this method from a [=browsing context=] where the [=Web Authentication API=] is "disabled" according to the [=allowed to use=] algorithm&mdash;i.e., by a [=permissions policy=]&mdash;will result in the promise being rejected with a {{DOMException}} whose name is "{{NotAllowedError}}". See also [[#sctn-permissions-policy]].

</div>
Expand Down Expand Up @@ -4006,6 +4013,38 @@ Note: The {{UserVerificationRequirement}} enumeration is deliberately not refere
interest of minimizing disruption to the user interaction flow).
</div>

### Client Capability Enumeration (enum <dfn enum>ClientCapability</dfn>) ### {#enum-clientCapability}

<xmp class="idl">
enum ClientCapability {
"conditionalCreate",
"conditionalMediation",
"hybridTransport",
"passkeyPlatformAuthenticator",
"userVerifyingPlatformAuthenticator",
};
</xmp>

This enumeration defines a limited set of client capabilities which a [=[WRP]=] may evaluate to offer certain workflows and experiences to users.

Note: The {{ClientCapability}} enumeration is deliberately not referenced, see [[#sct-domstring-backwards-compatibility]].

<div dfn-type="enum-value" dfn-for="ClientCapability">
: <dfn>conditionalCreate</dfn>
:: The [=WebAuthn Client=] is capable of a {{CredentialMediationRequirement/conditional}} credential creation operation.

: <dfn>conditionalMediation</dfn>
:: The [=WebAuthn Client=] is capable of {{CredentialMediationRequirement/conditional}} mediation.

: <dfn>hybridTransport</dfn>
:: The [=WebAuthn Client=] supports usage of the {{AuthenticatorTransport/hybrid}} transport.

: <dfn>passkeyPlatformAuthenticator</dfn>
:: The [=WebAuthn Client=] supports usage of a [=passkey platform authenticator=], locally and/or via {{AuthenticatorTransport/hybrid}} transport.

: <dfn>userVerifyingPlatformAuthenticator</dfn>
:: The [=WebAuthn Client=] supports usage of a [=user-verifying platform authenticator=].
</div>

### User-agent Hints Enumeration (enum <dfn enum>PublicKeyCredentialHints</dfn>) ### {#enum-hints}

Expand Down Expand Up @@ -8905,6 +8944,11 @@ If a [=platform authenticator=] is included in a [=client device=] with a multi-
authenticator=] and [=client device=] SHOULD work together to ensure that the existence of any [=platform credential=] is revealed
only to the operating system user that created that [=platform credential=].

### Disclosing Client Capabilities ### {#sctn-disclosing-client-capabilities}

The {{getClientCapabilities}} method assists [=[WRPS]=] in crafting registration and authentication experiences which have a high chance of success with the client and/or user.

The client's support or lack of support of a WebAuthn capability may pose a fingerprinting risk. Client implementations MAY wish to limit capability disclosures based on client policy and/or user consent.

## Privacy considerations for [=[RPS]=] ## {#sctn-privacy-considerations-rp}

Expand Down

0 comments on commit 80b478c

Please sign in to comment.