Updated all timeouts to be represented in seconds when consumed from the Swift API surface

Author: dimitribouniol

Sources/WebAuthn/Ceremonies/Authentication/PublicKeyCredentialRequestOptions.swift

@@ -17,16 +17,20 @@ import Foundation
 /// The `PublicKeyCredentialRequestOptions` gets passed to the WebAuthn API (`navigator.credentials.get()`)
 ///
 /// When encoding using `Encodable`, the byte arrays are encoded as base64url.
+///
+/// - SeeAlso: https://www.w3.org/TR/webauthn-2/#dictionary-assertion-options
 public struct PublicKeyCredentialRequestOptions: Encodable {
     /// A challenge that the authenticator signs, along with other data, when producing an authentication assertion
     ///
     /// When encoding using `Encodable` this is encoded as base64url.
     public let challenge: [UInt8]
 
-    /// The number of milliseconds that the Relying Party is willing to wait for the call to complete. The value is treated
-    /// as a hint, and may be overridden by the client.
+    /// A time, in seconds, that the caller is willing to wait for the call to complete. This is treated as a
+    /// hint, and may be overridden by the client.
+    ///
+    /// - Note: When encoded, this value is represented in milleseconds as a ``UInt32``.
     /// See https://www.w3.org/TR/webauthn-2/#dictionary-assertion-options
-    public let timeout: UInt32?
+    public let timeout: TimeInterval?
 
     /// The Relying Party ID.
     public let rpId: String?
@@ -43,7 +47,8 @@ public struct PublicKeyCredentialRequestOptions: Encodable {
         var container = encoder.container(keyedBy: CodingKeys.self)
 
         try container.encode(challenge.base64URLEncodedString(), forKey: .challenge)
-        try container.encodeIfPresent(timeout, forKey: .timeout)
+        let timeoutInMilliseconds = timeout.map { UInt32($0 * 1000) }
+        try container.encodeIfPresent(timeoutInMilliseconds, forKey: .timeout)
         try container.encodeIfPresent(rpId, forKey: .rpId)
         try container.encodeIfPresent(allowCredentials, forKey: .allowCredentials)
         try container.encodeIfPresent(userVerification, forKey: .userVerification)

Sources/WebAuthn/Ceremonies/Registration/PublicKeyCredentialCreationOptions.swift

@@ -12,10 +12,14 @@
 //
 //===----------------------------------------------------------------------===//
 
+import Foundation
+
 /// The `PublicKeyCredentialCreationOptions` gets passed to the WebAuthn API (`navigator.credentials.create()`)
 ///
 /// Generally this should not be created manually. Instead use `RelyingParty.beginRegistration()`. When encoding using
 /// `Encodable` byte arrays are base64url encoded.
+///
+/// - SeeAlso: https://www.w3.org/TR/webauthn-2/#dictionary-makecredentialoptions
 public struct PublicKeyCredentialCreationOptions: Encodable {
     /// A byte array randomly generated by the Relying Party. Should be at least 16 bytes long to ensure sufficient
     /// entropy.
@@ -34,9 +38,11 @@ public struct PublicKeyCredentialCreationOptions: Encodable {
     /// preferred.
     public let publicKeyCredentialParameters: [PublicKeyCredentialParameters]
 
-    /// A time, in milliseconds, that the caller is willing to wait for the call to complete. This is treated as a
+    /// A time, in seconds, that the caller is willing to wait for the call to complete. This is treated as a
     /// hint, and may be overridden by the client.
-    public let timeoutInMilliseconds: UInt32?
+    ///
+    /// - Note: When encoded, this value is represented in milleseconds as a ``UInt32``.
+    public let timeout: TimeInterval?
 
     /// Sets the Relying Party's preference for attestation conveyance. At the time of writing only `none` is
     /// supported.
@@ -49,7 +55,8 @@ public struct PublicKeyCredentialCreationOptions: Encodable {
         try container.encode(user, forKey: .user)
         try container.encode(relyingParty, forKey: .relyingParty)
         try container.encode(publicKeyCredentialParameters, forKey: .publicKeyCredentialParameters)
-        try container.encodeIfPresent(timeoutInMilliseconds, forKey: .timeoutInMilliseconds)
+        let timeoutInMilliseconds = timeout.map { UInt32($0 * 1000) }
+        try container.encodeIfPresent(timeoutInMilliseconds, forKey: .timeout)
         try container.encode(attestation, forKey: .attestation)
     }
 
@@ -58,7 +65,7 @@ public struct PublicKeyCredentialCreationOptions: Encodable {
         case user
         case relyingParty = "rp"
         case publicKeyCredentialParameters = "pubKeyCredParams"
-        case timeoutInMilliseconds = "timeout"
+        case timeout
         case attestation
     }
 }

Sources/WebAuthn/WebAuthnManager.swift

@@ -47,31 +47,26 @@ public struct WebAuthnManager {
     /// This method will use the Relying Party information from the WebAuthnManager's config  to create ``PublicKeyCredentialCreationOptions``
     /// - Parameters:
     ///   - user: The user to register.
-    ///   - timeoutInSeconds: How long the browser should give the user to choose an authenticator. This value
+    ///   - timeout: How long the browser should give the user to choose an authenticator. This value
     ///     is a *hint* and may be ignored by the browser. Defaults to 60 seconds.
     ///   - attestation: The Relying Party's preference regarding attestation. Defaults to `.none`.
     ///   - publicKeyCredentialParameters: A list of public key algorithms the Relying Party chooses to restrict
     ///     support to. Defaults to all supported algorithms.
     /// - Returns: Registration options ready for the browser.
     public func beginRegistration(
         user: PublicKeyCredentialUserEntity,
-        timeoutInSeconds: TimeInterval? = 3600,
+        timeout: TimeInterval? = 3600,
         attestation: AttestationConveyancePreference = .none,
         publicKeyCredentialParameters: [PublicKeyCredentialParameters] = .supported
     ) -> PublicKeyCredentialCreationOptions {
         let challenge = challengeGenerator.generate()
 
-        var timeoutInMilliseconds: UInt32?
-        if let timeoutInSeconds {
-            timeoutInMilliseconds = UInt32(timeoutInSeconds * 1000)
-        }
-
         return PublicKeyCredentialCreationOptions(
             challenge: challenge,
             user: user,
             relyingParty: .init(id: config.relyingPartyID, name: config.relyingPartyName),
             publicKeyCredentialParameters: publicKeyCredentialParameters,
-            timeoutInMilliseconds: timeoutInMilliseconds,
+            timeout: timeout,
             attestation: attestation
         )
     }
@@ -144,13 +139,10 @@ public struct WebAuthnManager {
         userVerification: UserVerificationRequirement = .preferred
     ) throws -> PublicKeyCredentialRequestOptions {
         let challenge = challengeGenerator.generate()
-        var timeoutInMilliseconds: UInt32? = nil
-        if let timeout {
-            timeoutInMilliseconds = UInt32(timeout * 1000)
-        }
+
         return PublicKeyCredentialRequestOptions(
             challenge: challenge,
-            timeout: timeoutInMilliseconds,
+            timeout: timeout,
             rpId: config.relyingPartyID,
             allowCredentials: allowCredentials,
             userVerification: userVerification

Tests/WebAuthnTests/WebAuthnManagerAuthenticationTests.swift

@@ -43,7 +43,7 @@ final class WebAuthnManagerAuthenticationTests: XCTestCase {
         )
 
         XCTAssertEqual(options.challenge, challenge)
-        XCTAssertEqual(options.timeout, 1234000)    // timeout converted to milliseconds
+        XCTAssertEqual(options.timeout, 1234)
         XCTAssertEqual(options.rpId, relyingPartyID)
         XCTAssertEqual(options.allowCredentials, allowCredentials)
         XCTAssertEqual(options.userVerification, .preferred)

Tests/WebAuthnTests/WebAuthnManagerIntegrationTests.swift

@@ -37,7 +37,7 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
 
         let registrationOptions = webAuthnManager.beginRegistration(
             user: mockUser,
-            timeoutInSeconds: timeout,
+            timeout: timeout,
             attestation: attestationPreference,
             publicKeyCredentialParameters: publicKeyCredentialParameters
         )
@@ -49,7 +49,7 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
         XCTAssertEqual(registrationOptions.attestation, attestationPreference)
         XCTAssertEqual(registrationOptions.relyingParty.id, config.relyingPartyID)
         XCTAssertEqual(registrationOptions.relyingParty.name, config.relyingPartyName)
-        XCTAssertEqual(registrationOptions.timeoutInMilliseconds, UInt32(timeout * 1000))
+        XCTAssertEqual(registrationOptions.timeout, timeout)
         XCTAssertEqual(registrationOptions.publicKeyCredentialParameters, publicKeyCredentialParameters)
 
         // Now send `registrationOptions` to client, which in turn will send the authenticator's response back to us:
@@ -107,7 +107,7 @@ final class WebAuthnManagerIntegrationTests: XCTestCase {
         )
 
         XCTAssertEqual(authenticationOptions.rpId, config.relyingPartyID)
-        XCTAssertEqual(authenticationOptions.timeout, UInt32(authenticationTimeout * 1000)) // timeout is in milliseconds
+        XCTAssertEqual(authenticationOptions.timeout, authenticationTimeout)
         XCTAssertEqual(authenticationOptions.challenge, mockChallenge)
         XCTAssertEqual(authenticationOptions.userVerification, userVerification)
         XCTAssertEqual(authenticationOptions.allowCredentials, rememberedCredentials)