Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 1 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /webauthn/createcredential-resident-key.https.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>navigator.credentials.create() test with residentKey and credProps</title>
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/testdriver.js"></script>
<script src="/resources/testdriver-vendor.js"></script>
<script src=helpers.js></script>
<script>
"use strict";
const credPropsTests = [
{
name: "U2F",
authenticatorArgs: {
protocol: "ctap1/u2f",
},
expected: {
discouraged: {
success: true,
hasRk: true,
rk: false,
},
preferred: {
success: true,
hasRk: true,
rk: false,
},
required: {
success: false,
},
},
},
{
name: "CTAP 2.0 without resident key support",
authenticatorArgs: {
protocol: "ctap2",
hasResidentKey: false,
hasUserVerification: true,
isUserVerified: true,
},
expected: {
discouraged: {
success: true,
hasRk: true,
rk: false,
},
preferred: {
success: true,
hasRk: true,
rk: false,
},
required: {
success: false,
},
},
},
{
name: "CTAP 2.0 with resident key support",
authenticatorArgs: {
protocol: "ctap2",
hasResidentKey: true,
hasUserVerification: true,
isUserVerified: true,
},
expected: {
discouraged: {
success: true,
// CTAP2.0 authenticators may treat all credentials as discoverable,
// thus Chrome omits 'rk' in this case.
hasRk: false,
},
preferred: {
success: true,
hasRk: true,
rk: true,
},
required: {
success: true,
hasRk: true,
rk: true,
},
},
},
{
name: "CTAP 2.1 without resident key support",
authenticatorArgs: {
protocol: "ctap2_1",
hasResidentKey: false,
hasUserVerification: true,
isUserVerified: true,
},
expected: {
discouraged: {
success: true,
hasRk: true,
rk: false,
},
preferred: {
success: true,
hasRk: true,
rk: false,
},
required: {
success: false,
},
},
},
{
name: "CTAP 2.1 with resident key support",
authenticatorArgs: {
protocol: "ctap2_1",
hasResidentKey: true,
hasUserVerification: true,
isUserVerified: true,
},
expected: {
discouraged: {
success: true,
hasRk: true,
rk: false,
},
preferred: {
success: true,
hasRk: true,
rk: true,
},
required: {
success: true,
hasRk: true,
rk: true,
},
},
},
];
for (const fixture of credPropsTests) {
for (const rkRequirement of ["discouraged", "preferred", "required"]) {
virtualAuthenticatorPromiseTest(async t => {
const promise = createCredential({
options: {
publicKey: {
authenticatorSelection: {
residentKey: rkRequirement,
},
extensions: {
credProps: true,
},
},
},
});
assert_true(rkRequirement in fixture.expected);
const expected = fixture.expected[rkRequirement];
assert_true('success' in expected);
if (!expected.success) {
return promise_rejects_dom(t, "NotAllowedError", promise);
}
const cred = await promise;
assert_true('credProps' in cred.getClientExtensionResults());
const credProps = cred.getClientExtensionResults().credProps;
assert_equals('rk' in credProps, expected.hasRk, "hasRk");
if (expected.hasRk) {
assert_equals(credProps.rk, expected.rk, "rk");
}
}, fixture.authenticatorArgs, fixture.name
+ ": navigator.credentials.create() with credProps extension, rk="
+ rkRequirement);
}
}
</script>
</head>
<body></body>
</html>