Let the embedder control the scheduling of multiple simultaneous WebAuthn requests
Issue description

Currently, //content restricts the WebAuthn API to have at most one request at a time in each RenderFrame. On the one hand, this might be too restrictive for some embedders, while on the other hand, it's not restrictive enough for //chrome, which renders UI on a per-WebContents basis, so cannot handle multiple frames issuing one request each at the same time. Ultimately, we should get to a state where:

(A) //content can handle any number of simultaneous WebAuthn requests,
(B) the embedder can reject requests however it sees fit,
(C) the embedder can put requests "on hold" before they start (e.g. the API would return a promise, but the discoveries would not start until the embedder says so),
(D) the embedder can suspend requests even after they have already started (e.g. the discoveries and device communication would be suspended, so that another request can be started).
Jun 4 2018
The plan to get to (ABCD) is to:

-- Implement (B) first so that the embedder can choose to deal with at most one request per WebContents at a time, which unblocks UI development in //chrome
-- Implement (A) to lift the restriction of "one request / RenderFrame".
-- Implement (C) and investigate if (B) is still needed in this world.
-- Implement (D) if needed (optional). This likely requires a lot of refactoring.
Jun 5 2018
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5b108876e509a47372308a94b611066235b8b4ba

commit 5b108876e509a47372308a94b611066235b8b4ba
Author: Balazs Engedy <engedy@chromium.org>
Date: Tue Jun 05 09:30:46 2018

Let the embedder reject WebAuthn requests.

Allow an embedder of //content to reject a WebAuthn request, should it wish to do so, by returning a nullptr RequestClientDelegate from the ContentBrowserClient::GetWebAuthenticationRequestDelegate call.

Make use of this in //chrome by adding an AuthenticatorRequestScheduler that only allows at most one request per WebContents at a time. This ensures there will be no UI collisions once we start showing a bubble for each request.

Bug: 849309
Change-Id: I8cf6087c77b3575f8a30ebab930131bf1f627a09
Reviewed-on: https://chromium-review.googlesource.com/1085567
Commit-Queue: Balazs Engedy <engedy@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Kim Paulhamus <kpaulhamus@chromium.org>
Cr-Commit-Position: refs/heads/master@{#564419}

[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/BUILD.gn
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/chrome_content_browser_client.cc
[add] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/webauthn/authenticator_request_scheduler.cc
[add] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/webauthn/authenticator_request_scheduler.h
[add] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/webauthn/authenticator_request_scheduler_unittest.cc
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/webauthn/chrome_authenticator_request_delegate.cc
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/browser/webauthn/chrome_authenticator_request_delegate.h
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/chrome/test/BUILD.gn
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/content/browser/webauth/authenticator_impl.cc
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/content/browser/webauth/authenticator_impl_unittest.cc
[modify] https://crrev.com/5b108876e509a47372308a94b611066235b8b4ba/content/public/browser/content_browser_client.h
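A stand-alone C++ model of the scheduling rule described in the commit message above, added here as an illustration and not taken from the Chromium source: a second request from any frame in the same tab gets a null delegate until the first request's delegate is destroyed. `RequestDelegate`, `RequestScheduler`, `TryCreateDelegate` and the integer tab and frame ids are hypothetical names, and `std::shared_ptr`/`std::weak_ptr` are an assumed ownership model.

```cpp
#include <cstdio>
#include <memory>
#include <unordered_map>

// Hypothetical stand-in for the per-request delegate the embedder returns.
struct RequestDelegate {
  int frame_id;  // which frame in the tab issued the request
};

// Hypothetical model of the rule: at most one live request per tab
// (WebContents), regardless of which frame inside the tab asks.
class RequestScheduler {
 public:
  // Returns a delegate if the tab has no live request, otherwise nullptr,
  // which the caller treats as "the embedder rejected this request".
  std::shared_ptr<RequestDelegate> TryCreateDelegate(int tab_id, int frame_id) {
    auto it = active_.find(tab_id);
    if (it != active_.end() && !it->second.expired())
      return nullptr;  // another frame in this tab already owns the UI
    auto delegate = std::make_shared<RequestDelegate>(RequestDelegate{frame_id});
    active_[tab_id] = delegate;  // weak: the slot frees itself on destruction
    return delegate;
  }

 private:
  std::unordered_map<int, std::weak_ptr<RequestDelegate>> active_;
};

int main() {
  RequestScheduler scheduler;
  auto first = scheduler.TryCreateDelegate(1, 10);      // tab 1, frame 10
  auto second = scheduler.TryCreateDelegate(1, 11);     // same tab, other frame
  auto other_tab = scheduler.TryCreateDelegate(2, 20);  // different tab
  std::printf("first=%d second=%d other_tab=%d\n", first != nullptr,
              second != nullptr, other_tab != nullptr);
  first.reset();  // first request completes; its delegate is destroyed
  auto retry = scheduler.TryCreateDelegate(1, 11);
  std::printf("retry=%d\n", retry != nullptr);
  return 0;
}
```

Holding only a weak reference means a request that ends without any explicit "done" call cannot leave the tab permanently locked out.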
Jan 16
Comment 1 by engedy@chromium.org, Jun 4 2018