Star79
775
代码
代码
Issues999
Pull Requests522
流水线
讨论
Wiki
分析
Star79
775
ohci1ohci1add
910e62b5创建于 1月15日历史提交
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// This module serves as an interface for requesting, validating,
// and invalidated authentication tokens for various sensitive OS
// settings operations, such as modifying lock screen settings.
// This module is also used from lacros to authenticate users
// in password manager scenarios.
// The aquired token is perishable, and can be reused for as long
// as it is valid. Token are managed by ash's `AuthSessionStorage`.

module chromeos.auth.mojom;

import "mojo/public/mojom/base/time.mojom";

[Stable, RenamedFrom="crosapi.mojom.RequestTokenReply"]
struct RequestTokenReply {
  // The authentication token that is returned, to use for sensitive
  // operations.
  string token@0;

  // The length of time for which the token is valid.
  mojo_base.mojom.TimeDelta timeout@1;
};

[Stable, Extensible, RenamedFrom="crosapi.mojom.Reason"]
enum Reason {
  [Default] kAccessPasswordManager = 0,
  kAccessAuthenticationSettings,
  kAccessMultideviceSettings,
};

// An interface implemented by Ash to expose Ash's authentication capabilities.
[Stable, Uuid="7d4bb0d8-f1fa-46bf-a7a6-b7117526ea63",
  RenamedFrom="crosapi.mojom.InSessionAuth"]
interface InSessionAuth {
  // Instructs Ash to summon a native authentication dialog to authenticate
  // the currently active user. Returns a prerishable authentication token on
  // success. RequestTokenReply in null if authentication was aborted.
  [MinVersion=1]
  RequestToken@0(Reason reason, [MinVersion=1] string? prompt)
    => (RequestTokenReply? reply);

  // Check the validity of the token for sensitive operations.
  CheckToken@1(Reason reason, string token) => (bool valid);

  // Release the token when no longer needed, rendering it invalid.
  InvalidateToken@2(string token);

  // Instructs Ash to summon the legacy WebAuthn dialog to authenticate
  // the currently active user. Returns whether the authentication
  // was successful. `rp_id` is the identifier of the WebAuthn relying party,
  // which is usually (but not necessarily) a part of the URL. `window_id` is
  // the window identifier that sent the WebAuthn request. The identifier is
  // given by the window manager, so we can't make extra assumptions about it
  // (like whether it's a integer or URL etc.) other than that it is a string.
  [MinVersion=2]
  RequestLegacyWebAuthn@3(string rp_id, string window_id) => (bool success);
};