[WIP] Add requestUserInfo

nsatragno · nsatragno · commit 984e30065565 · 2025-10-29T17:35:46.000-04:00
This patch adds `requestUserInfo` to `PublicKeyCredentialUserEntity`.
This allows a relying party to request user identifiers and attributes
alongside a WebAuthn credential on `create()` to aid with account
creation.

Fixes 2336.
diff --git a/index.bs b/index.bs
@@ -165,6 +165,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
             text: origin; url: concept-origin
             text: document.domain; url:dom-document-domain
         urlPrefix: form-control-infrastructure.html
+            text: autofill; url: autofill
             text: autofill detail token; url: autofill-detail-tokens
             text: non-autofill credential type; url: non-autofill-credential-type
 
@@ -173,6 +174,9 @@ spec: url; urlPrefix: https://url.spec.whatwg.org
         text: scheme; url: concept-url-scheme
         text: port; url: concept-url-port
 
+spec: string-meta; urlPrefix: https://www.w3.org/TR/string-meta/
+    type: dictionary
+        text: Localizable; url: Localizable
 
 spec: TokenBinding; urlPrefix: https://tools.ietf.org/html/rfc8471#
     type: dfn
@@ -1478,6 +1482,7 @@ that are returned to the caller when a new credential is created, or a new asser
         [SameObject] readonly attribute ArrayBuffer              rawId;
         [SameObject] readonly attribute AuthenticatorResponse    response;
         readonly attribute DOMString?                            authenticatorAttachment;
+        readonly attribute PublicKeyCredentialUserInfo           userInfo;
         AuthenticationExtensionsClientOutputs getClientExtensionResults();
         static Promise<boolean> isConditionalMediationAvailable();
         PublicKeyCredentialJSON toJSON();
@@ -1517,8 +1522,9 @@ that are returned to the caller when a new credential is created, or a new asser
         but later receive updates to support [=cross-platform attachment=] as well.
         </div>
 
-
-
+    :   {{PublicKeyCredential/userInfo}}
+    ::  This OPTIONAL {{PublicKeyCredentialUserInfo}} dictionary returns the [=user information=] requested by the [=[RP]=],
+        if any.
 
     :   {{PublicKeyCredential/getClientExtensionResults()}}
     ::  This operation returns the value of {{PublicKeyCredential/[[clientExtensionsResults]]}}, which is a [=map=] containing
@@ -3629,8 +3635,9 @@ credential.
 
 <xmp class="idl">
     dictionary PublicKeyCredentialUserEntity : PublicKeyCredentialEntity {
-        required BufferSource   id;
-        required DOMString      displayName;
+        required BufferSource              id;
+        required DOMString                 displayName;
+        PublicKeyCredentialRequestUserInfo requestUserInfo;
     };
 </xmp>
 
@@ -3675,8 +3682,11 @@ credential.
         When storing a {{PublicKeyCredentialUserEntity/displayName}} member's value,
         the value MAY be truncated as described in [[#sctn-strings-truncation]]
         using a size limit greater than or equal to 64 bytes.
-</div>
 
+    :   <dfn>requestUserInfo</dfn>
+    ::  An OPTIONAL {{PublicKeyCredentialRequestUserInfo}} dictionary indicating that the [=[RP]=] requests [=user information=]
+        to be returned with the {{PublicKeyCredential}} for the purposes of creating a new [=user account=].
+</div>
 
 ### Authenticator Selection Criteria (dictionary <dfn dictionary>AuthenticatorSelectionCriteria</dfn>) ### {#dictionary-authenticatorSelection}
 
@@ -3839,6 +3849,100 @@ Note: The {{AttestationConveyancePreference}} enumeration is deliberately not re
         If permitted, the user agent SHOULD signal to the authenticator (at [invocation time](#CreateCred-InvokeAuthnrMakeCred)) that enterprise attestation is requested, and convey the resulting [=/AAGUID=] and [=attestation statement=], unaltered, to the [=[RP]=].
 </div>
 
+### Request User Information ### {#dictionary-requestUserInfo}
+
+[=[WRPS]=] may use the {{PublicKeyCredentialRequestUserInfo}} dictionary to request [=user information=]
+to be returned as part of the {{CredentialsContainer/create()}} request.
+
+<dfn>User information</dfn> that may be requested consists of:
+
+<dl dfn-type="dfn" dfn-for="user information">
+    :   <dfn>Identifier</dfn>
+    ::  A single [=human-palatable=] string that can be used to uniquely identify a [=user account=],
+        and whose value is used as a credential's {{PublicKeyCredentialEntity/name}}.
+    :   <dfn>Attributes</dfn>
+    ::  A set of attributes about a user that are required when creating a [=user account=].
+</dl>
+
+<xmp class="idl">
+    dictionary PublicKeyCredentialRequestUserInfo {
+        required sequence<DOMString> identifiers;
+        sequence<DOMString>          attributes = [];
+    };
+</xmp>
+
+<dl dfn-type="attribute" dfn-for="PublicKeyCredentialRequestUserInfo">
+    :   {{PublicKeyCredentialRequestUserInfo/identifiers}}
+    ::  A set of [=user information/identifier=] types accepted by the [=[RP]=].
+        Valid values are:
+        * `"email"`: an email address, such as "alex.mueller@example.com".
+        * `"phone"`: a full telephone number, including country code, such as "+1 617 253 5702".
+    :   {{PublicKeyCredentialRequestUserInfo/attributes}}
+    ::  An OPTIONAL set of [=user information/attribute=] names.
+        Valid values are:
+        * `"name"`: a [=human-palatable=] name, such as "Alex Müller".
+</dl>
+
+When requesting [=user information=], the [=[RP]=] can request multiple [=user information/identifier=] types
+to indicate any of them may be accepted. However, only one [=user information/identifier=] is returned.
+The [=client=] selects the [=user information/identifier=] type to return depending on user preference or other factors.
+[=[WRPS]=] SHOULD pass the list of [=user information/identifiers=] in order of preference as a hint to [=clients=].
+
+The {{PublicKeyCredentialEntity/name}} and {{PublicKeyCredentialUserEntity/displayName}}
+will be overridden by the chosen [=user information/identifier=].
+[=[WRPS]=] SHOULD pass an empty {{PublicKeyCredentialEntity/name}}
+and {{PublicKeyCredentialUserEntity/displayName}} when using this option.
+
+[=user information/Identifiers=] and [=user information/attributes=] which are not recognized are ignored by the [=client=].
+
+Note: Unlike regular {{CredentialsContainer/create()}} operations, requesting [=user information=]
+requires [=user activation=].
+
+[=User information=] is returned to the [=[RP]=] in a {{PublicKeyCredentialUserInfo}} dictionary:
+
+<xmp class="idl">
+    dictionary PublicKeyCredentialUserInfo {
+        required PublicKeyCredentialUserInfoIdentifier identifier;
+        required record<DOMString, PublicKeyCredentialUserInfoAttribute> attributes;
+    };
+</xmp>
+
+<dl dfn-type="attribute" dfn-for="PublicKeyCredentialUserInfo">
+    :   {{PublicKeyCredentialUserInfo/identifier}}
+    ::  The [=user information/identifier=] claimed by the user.
+    :   {{PublicKeyCredentialUserInfo/attributes}}
+    ::  A map of [=user information/attributes=] names to values claimed by the user.
+        Keys MUST be present in the {{PublicKeyCredentialRequestUserInfo/attributes}} requested by the [=[RP]=].
+</dl>
+
+<xmp class="idl">
+    dictionary PublicKeyCredentialUserInfoIdentifier {
+        required DOMString type;
+        required DOMString value;
+    };
+</xmp>
+
+<dl dfn-type="attribute" dfn-for="PublicKeyCredentialUserInfoIdentifier">
+    :   {{PublicKeyCredentialUserInfoIdentifier/type}}
+    ::  The type of [=user information/identifier=].
+        This MUST be one of the {{PublicKeyCredentialRequestUserInfo/identifiers}} requested by the [=[RP]=].
+    :   {{PublicKeyCredentialUserInfoIdentifier/value}}
+    ::  The [=user information/identifier=] claimed by the user.
+</dl>
+
+<xmp class="idl">
+    dictionary PublicKeyCredentialUserInfoAttribute : Localizable {
+    };
+</xmp>
+
+<dl dfn-type="attribute" dfn-for="PublicKeyCredentialUserInfoAttribute">
+    :   {{PublicKeyCredentialUserInfoIdentifier/value}}
+    ::  The [=user information/attribute=] claimed by the user for the corresponding {{PublicKeyCredentialUserInfo/attributes}} key.
+</dl>
+
+The [=client=] MAY obtain [=user information=] from sources such as [=autofill=].
+However, the [=client=] MUST allow the user to manually set any [=user information/identifiers=]
+and [=user information/attributes=].
 
 ## Options for Assertion Generation (dictionary <dfn dictionary>PublicKeyCredentialRequestOptions</dfn>) ## {#dictionary-assertion-options}
 
@@ -8571,9 +8675,16 @@ possible for [=[RPS]=] to trust any further [=attestation statements=] from the
 
 See also the related security consideration for [=[RPS]=] in [[#sctn-revoked-attestation-certificates]].
 
-<!-- no sec cons for clients enumerated at this time
 ## Security considerations for [=clients=] ## {#sctn-security-considerations-client}
--->
+
+### [=UI redressing=] when requesting [=user information=] {#sctn-seccons-ui-redressing-request-user-info}
+
+When a [=[RP]=] requests [=user information=] as part of a {{CredentialsContainer/create()}} request,
+the user agent may offer prefilled default values for the requested [=user information/identifiers=]
+and [=user information/attributes=], similar to [=autofill=].
+It's important that [=clients=] consider the risk of [=UI redressing=]
+and take appropriate measures to prevent malicious [=[WRPS]=] from obtaining [=user information=]
+without the user's consent.
 
 ## Security considerations for [=[RPS]=] ## {#sctn-security-considerations-rp}
 
