Bug 237454

Summary: [WebAuthn] Provide [ASCAgent performAutoFillAuthorizationRequestsForContext] SPI with frameID
Product: WebKit Reporter: pascoe <pascoe>
Component: WebKit Misc.Assignee: pascoe <pascoe>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Description pascoe@apple.com 2022-03-03 15:49:51 PST 
For conditional mediation support, [ASCAgent performAutoFillAuthorizationRequestsForContext] needs to be able to determine which frame the request came from to properly show results.
Comment 1 Radar WebKit Bug Importer 2022-03-03 15:50:01 PST 
<rdar://problem/89782147>
Comment 2 pascoe@apple.com 2022-03-03 17:31:40 PST 
Created attachment 453802 [details]
Patch
Comment 3 Brent Fulgham 2022-03-04 11:58:29 PST 
Comment on attachment 453802 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=453802&action=review

r=me, but I think the SPI might benefit from some tweaks.

> Source/WebKit/Platform/spi/Cocoa/AuthenticationServicesCoreSPI.h:255
> +@property (nonatomic, nullable, copy) NSNumber *webFrameID;

Nit: Given that GlobalFrameIdentifier is a struct that holds a pageID and a frameID, I wonder if this SPI would have been better designed using a similar struct.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:239
> +static RetainPtr<ASCCredentialRequestContext> configurationAssertionRequestContext(const PublicKeyCredentialRequestOptions& options, Vector<uint8_t> hash, std::optional<WebCore::MediationRequirement> mediation, std::optional<WebCore::GlobalFrameIdentifier> frameID)

Nit: I suggest 'globalFrameID' (rather than frameID) to distinguish between the "frame-only" ID used in some code, versus this pair of frame and page.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:265
> +    if (frameID && [requestContext respondsToSelector:@selector(setWebFrameID:)] && [requestContext respondsToSelector:@selector(setWebPageID:)]) {

It would be nice to remember to remove these 'respondsToSelector' checks in the future, as they do incur a cost. I also wonder if it's ever possible for a version of the OS that responds to 'setWebFrameID' wouldn't also respond to 'setWebPageID'.

> Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:309
> +        result = configurationAssertionRequestContext(options, requestData.hash, requestData.mediation, requestData.frameID);

I really dislike the 'frameID' accessor for this GlobalFrameID (which is a pair of Page/Frame). But that's not due to this change.
Comment 4 pascoe@apple.com 2022-03-04 16:10:36 PST 
Created attachment 453878 [details]
Patch for landing
Comment 5 EWS 2022-03-07 09:38:18 PST 
Committed r290893 (248124@main): <https://commits.webkit.org/248124@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 453878 [details].