Created
November 8, 2024 16:14
-
-
Save stephenmcgruer/f0ed86d2ac22f0989d483d12c9a3534a to your computer and use it in GitHub Desktop.
Proposed shape for BBK at authentication time
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const request = new PaymentRequest([{ | |
| supportedMethods: "secure-payment-confirmation", | |
| data: { | |
| // List of credential IDs obtained from the bank. | |
| credentialIds, | |
| rpId: "fancybank.com", | |
| // The challenge is also obtained from the bank. | |
| challenge: new Uint8Array([21,31,105 /* 29 more random bytes generated by the bank */]), | |
| instrument: { | |
| displayName: "Fancy Card ****1234", | |
| icon: "https://fancybank.com/card-art.png", | |
| }, | |
| payeeName: "Merchant Shop", | |
| payeeOrigin: "https://merchant.com", | |
| // Caller’s requested localized experience | |
| locale: ["en"], | |
| timeout: 360000, // 6 minutes | |
| }], { | |
| total: { | |
| label: "Total", | |
| amount: { | |
| currency: "USD", | |
| value: "5.00", | |
| }, | |
| }, | |
| }); | |
| const response = await request.show(); | |
| await response.complete('success'); | |
| const publicKeyCredential = response.details; | |
| const clientDataJSON = base64Decode(publicKeyCredential.toJSON().response.clientDataJSON); | |
| /** | |
| clientDataJSON = { | |
| "type": "payment.get", | |
| "challenge": "bmV0d29ya19kYXRh", | |
| "origin": "https://merchant.example", | |
| "crossOrigin":false, | |
| "payment": { | |
| "rpId":"fancybank.com", | |
| "topOrigin": "https://merchant.example", | |
| "payeeOrigin":"https://merchant.example", | |
| "total": { | |
| "value": "0.01", | |
| "currency": "USD" | |
| }, | |
| "instrument": { | |
| "icon": "https://fancybank.com/card-art.png", | |
| "displayName": "Fancy Card ****1234" | |
| }, | |
| "bbk_public_key": "abcd1234", | |
| } | |
| } | |
| */ | |
| const paymentExtensionOutputs = publicKeyCredential.getClientExtensionResults()['payment']; | |
| /** | |
| // Fields are decoded for ease of reading. They would likely be ArrayBuffers in practice, | |
| // using the same encoding that WebAuthn does. | |
| paymentExtensionOutputs = { | |
| // Uses the same *encoding* as publicKeyCredential.response.getPublicKey() | |
| bbk_public_key = 'abcd1234', | |
| // Signature by the BBK private key, over the ClientDataJSON. | |
| // Uses the same signing algorithm as publicKeyCredential.response.getPublicKeyAlgorithm() | |
| bbk_signature = 'A812E...', | |
| }; | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment