Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert
authorJ.C. Jones <jjones@mozilla.com>
Mon, 09 Oct 2017 16:28:13 -0700
changeset 385710 dd5ff0119c3f20f9b887c23774890e64d15a7f28
parent 385709 ca60b3cab4ed50a6f4c06ac0bb9498aaedd9551b
child 385711 12c5e82b0240f8f0c7909b690ab99b94bd1022ad
push id32664
push userarchaeopteryx@coole-files.de
push dateThu, 12 Oct 2017 09:34:55 +0000
treeherdermozilla-central@a32c32d9631c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersqdot, ttaubert
bugs1406456
milestone58.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1406456 - WebAuthn WebIDL Updates for WD-07 (part 2) r=qdot,ttaubert This covers these renames: * In CollectedClientData, hashAlg => hashAlgorithm * In CollectedClientData, tokenBinding => tokenBindingId * In MakePublicKeyCredentialOptions, parameters => pubKeyCredParams * In MakePublicKeyCredentialOptions, excludeList => excludeCredentials * In PublicKeyCredentialRequestOptions, allowList => allowCredentials * Transport (WebAuthnTransport in Gecko) => AuthenticatorTransport MozReview-Commit-ID: 3FdRnkosy83
dom/webauthn/WebAuthnManager.cpp
dom/webauthn/tests/browser/tab_webauthn_success.html
dom/webauthn/tests/test_webauthn_get_assertion.html
dom/webauthn/tests/test_webauthn_loopback.html
dom/webauthn/tests/test_webauthn_make_credential.html
dom/webauthn/tests/test_webauthn_no_token.html
dom/webauthn/tests/test_webauthn_sameorigin.html
dom/webidl/WebAuthentication.webidl
--- a/dom/webauthn/WebAuthnManager.cpp
+++ b/dom/webauthn/WebAuthnManager.cpp
@@ -85,17 +85,17 @@ AssembleClientData(const nsAString& aOri
   nsresult rv = aChallenge.ToJwkBase64(challengeBase64);
   if (NS_WARN_IF(NS_FAILED(rv))) {
     return NS_ERROR_FAILURE;
   }
 
   CollectedClientData clientDataObject;
   clientDataObject.mChallenge.Assign(challengeBase64);
   clientDataObject.mOrigin.Assign(aOrigin);
-  clientDataObject.mHashAlg.AssignLiteral(u"SHA-256");
+  clientDataObject.mHashAlgorithm.AssignLiteral(u"SHA-256");
 
   nsAutoString temp;
   if (NS_WARN_IF(!clientDataObject.ToJSON(temp))) {
     return NS_ERROR_FAILURE;
   }
 
   aJsonOut.Assign(NS_ConvertUTF16toUTF8(temp));
   return NS_OK;
@@ -360,56 +360,56 @@ WebAuthnManager::MakeCredential(nsPIDOMW
   if (NS_WARN_IF(NS_FAILED(srv))) {
     promise->MaybeReject(NS_ERROR_DOM_SECURITY_ERR);
     return promise.forget();
   }
 
   // Process each element of cryptoParameters using the following steps, to
   // produce a new sequence normalizedParameters.
   nsTArray<PublicKeyCredentialParameters> normalizedParams;
-  for (size_t a = 0; a < aOptions.mParameters.Length(); ++a) {
+  for (size_t a = 0; a < aOptions.mPubKeyCredParams.Length(); ++a) {
     // Let current be the currently selected element of
     // cryptoParameters.
 
     // If current.type does not contain a PublicKeyCredentialType
     // supported by this implementation, then stop processing current and move
     // on to the next element in cryptoParameters.
-    if (aOptions.mParameters[a].mType != PublicKeyCredentialType::Public_key) {
+    if (aOptions.mPubKeyCredParams[a].mType != PublicKeyCredentialType::Public_key) {
       continue;
     }
 
     // Let normalizedAlgorithm be the result of normalizing an algorithm using
     // the procedure defined in [WebCryptoAPI], with alg set to
     // current.algorithm and op set to 'generateKey'. If an error occurs during
     // this procedure, then stop processing current and move on to the next
     // element in cryptoParameters.
 
     nsString algName;
-    if (NS_FAILED(GetAlgorithmName(aOptions.mParameters[a].mAlg,
+    if (NS_FAILED(GetAlgorithmName(aOptions.mPubKeyCredParams[a].mAlg,
                                    algName))) {
       continue;
     }
 
     // Add a new object of type PublicKeyCredentialParameters to
     // normalizedParameters, with type set to current.type and algorithm set to
     // normalizedAlgorithm.
     PublicKeyCredentialParameters normalizedObj;
-    normalizedObj.mType = aOptions.mParameters[a].mType;
+    normalizedObj.mType = aOptions.mPubKeyCredParams[a].mType;
     normalizedObj.mAlg.SetAsString().Assign(algName);
 
     if (!normalizedParams.AppendElement(normalizedObj, mozilla::fallible)){
       promise->MaybeReject(NS_ERROR_OUT_OF_MEMORY);
       return promise.forget();
     }
   }
 
   // If normalizedAlgorithm is empty and cryptoParameters was not empty, cancel
   // the timer started in step 2, reject promise with a DOMException whose name
   // is "NotSupportedError", and terminate this algorithm.
-  if (normalizedParams.IsEmpty() && !aOptions.mParameters.IsEmpty()) {
+  if (normalizedParams.IsEmpty() && !aOptions.mPubKeyCredParams.IsEmpty()) {
     promise->MaybeReject(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
     return promise.forget();
   }
 
   // TODO: The following check should not be here. This is checking for
   // parameters specific to the soft key, and should be put in the soft key
   // manager in the parent process. Still need to serialize
   // PublicKeyCredentialParameters first.
@@ -471,17 +471,17 @@ WebAuthnManager::MakeCredential(nsPIDOMW
 
   srv = HashCString(hashService, clientDataJSON, clientDataHash);
   if (NS_WARN_IF(NS_FAILED(srv))) {
     promise->MaybeReject(NS_ERROR_DOM_SECURITY_ERR);
     return promise.forget();
   }
 
   nsTArray<WebAuthnScopedCredentialDescriptor> excludeList;
-  for (const auto& s: aOptions.mExcludeList) {
+  for (const auto& s: aOptions.mExcludeCredentials) {
     WebAuthnScopedCredentialDescriptor c;
     CryptoBuffer cb;
     cb.Assign(s.mId);
     c.id() = cb;
     excludeList.AppendElement(c);
   }
 
   // TODO: Add extension list building
@@ -631,23 +631,23 @@ WebAuthnManager::GetAssertion(nsPIDOMWin
   srv = HashCString(hashService, clientDataJSON, clientDataHash);
   if (NS_WARN_IF(NS_FAILED(srv))) {
     promise->MaybeReject(NS_ERROR_DOM_SECURITY_ERR);
     return promise.forget();
   }
 
   // Note: we only support U2F-style authentication for now, so we effectively
   // require an AllowList.
-  if (aOptions.mAllowList.Length() < 1) {
+  if (aOptions.mAllowCredentials.Length() < 1) {
     promise->MaybeReject(NS_ERROR_DOM_NOT_ALLOWED_ERR);
     return promise.forget();
   }
 
   nsTArray<WebAuthnScopedCredentialDescriptor> allowList;
-  for (const auto& s: aOptions.mAllowList) {
+  for (const auto& s: aOptions.mAllowCredentials) {
     WebAuthnScopedCredentialDescriptor c;
     CryptoBuffer cb;
     cb.Assign(s.mId);
     c.id() = cb;
     allowList.AppendElement(c);
   }
 
   // TODO: Add extension list building
--- a/dom/webauthn/tests/browser/tab_webauthn_success.html
+++ b/dom/webauthn/tests/browser/tab_webauthn_success.html
@@ -33,17 +33,17 @@ function signalCompletion(aText) {
 }
 
 let gState = {};
 let makeCredentialOptions = {
   rp: {id: document.domain, name: "none", icon: "none"},
   user: {id: new Uint8Array(), name: "none", icon: "none", displayName: "none"},
   challenge: gCredentialChallenge,
   timeout: 5000, // the minimum timeout is actually 15 seconds
-  parameters: [{type: "public-key", alg: "ES256"}],
+  pubKeyCredParams: [{type: "public-key", alg: "ES256"}],
 };
 
 navigator.credentials.create({publicKey: makeCredentialOptions})
 .then(function (aNewCredentialInfo) {
   gState.credential = aNewCredentialInfo;
 
   return webAuthnDecodeCBORAttestation(aNewCredentialInfo.response.attestationObject);
 })
@@ -56,17 +56,17 @@ navigator.credentials.create({publicKey:
     id: new Uint8Array(gState.credential.rawId),
     transports: ["usb"],
   }
 
   let publicKeyCredentialRequestOptions = {
     challenge: gAssertionChallenge,
     timeout: 5000, // the minimum timeout is actually 15 seconds
     rpId: document.domain,
-    allowList: [newCredential]
+    allowCredentials: [newCredential]
   };
 
   // Make sure the RP ID hash matches what we calculate.
   return crypto.subtle.digest("SHA-256", string2buffer(document.domain))
   .then(function(calculatedRpIdHash) {
     let calcHashStr = bytesToBase64UrlSafe(new Uint8Array(calculatedRpIdHash));
     let providedHashStr = bytesToBase64UrlSafe(new Uint8Array(gState.authDataObj.rpIdHash));
 
--- a/dom/webauthn/tests/test_webauthn_get_assertion.html
+++ b/dom/webauthn/tests/test_webauthn_get_assertion.html
@@ -76,38 +76,38 @@
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectNotAllowedError);
         },
         function () {
           // Test with an invalid credential
           let publicKeyCredentialRequestOptions = {
             challenge: gAssertionChallenge,
-            allowList: [invalidCred]
+            allowCredentials: [invalidCred]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
         function () {
           // Test with an unknown credential
           let publicKeyCredentialRequestOptions = {
             challenge: gAssertionChallenge,
-            allowList: [unknownCred]
+            allowCredentials: [unknownCred]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectNotAllowedError);
         },
         function () {
           // Test with an unexpected option and an invalid credential
           let publicKeyCredentialRequestOptions = {
             challenge: gAssertionChallenge,
             unknownValue: "hi",
-            allowList: [invalidCred]
+            allowCredentials: [invalidCred]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         }
       ];
 
       var i = 0;
--- a/dom/webauthn/tests/test_webauthn_loopback.html
+++ b/dom/webauthn/tests/test_webauthn_loopback.html
@@ -59,17 +59,17 @@ function() {
     ok(aCredInfo.rawId === aCredInfo.rawId, "PublicKeyCredential.RawID is SameObject");
     ok(aCredInfo.response === aCredInfo.response, "PublicKeyCredential.Response is SameObject");
     ok(aCredInfo.response.clientDataJSON === aCredInfo.response.clientDataJSON, "PublicKeyCredential.Response.ClientDataJSON is SameObject");
     ok(aCredInfo.response.attestationObject === aCredInfo.response.attestationObject, "PublicKeyCredential.Response.AttestationObject is SameObject");
 
     let clientData = JSON.parse(buffer2string(aCredInfo.response.clientDataJSON));
     is(clientData.challenge, bytesToBase64UrlSafe(gCredentialChallenge), "Challenge is correct");
     is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlg, "SHA-256", "Hash algorithm is correct");
+    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
 
     return webAuthnDecodeCBORAttestation(aCredInfo.response.attestationObject)
     .then(function(aAttestationObj) {
       // Make sure the RP ID hash matches what we calculate.
       return crypto.subtle.digest("SHA-256", string2buffer(document.domain))
       .then(function(calculatedRpIdHash) {
         let calcHashStr = bytesToBase64UrlSafe(new Uint8Array(calculatedRpIdHash));
         let providedHashStr = bytesToBase64UrlSafe(new Uint8Array(aAttestationObj.authDataObj.rpIdHash));
@@ -109,17 +109,17 @@ function() {
     ok(aAssertion.response.authenticatorData === aAssertion.response.authenticatorData, "AuthenticatorAssertionResponse.AuthenticatorData is SameObject");
     ok(aAssertion.response.signature === aAssertion.response.signature, "AuthenticatorAssertionResponse.Signature is SameObject");
     isnot(aAssertion.response.userId, undefined, "AuthenticatorAssertionResponse.UserId is defined")
 
     ok(aAssertion.response.authenticatorData.byteLength > 0, "Authenticator data exists");
     let clientData = JSON.parse(buffer2string(aAssertion.response.clientDataJSON));
     is(clientData.challenge, bytesToBase64UrlSafe(gAssertionChallenge), "Challenge is correct");
     is(clientData.origin, window.location.origin, "Origin is correct");
-    is(clientData.hashAlg, "SHA-256", "Hash algorithm is correct");
+    is(clientData.hashAlgorithm, "SHA-256", "Hash algorithm is correct");
 
     return webAuthnDecodeAuthDataArray(aAssertion.response.authenticatorData)
     .then(function(aAttestation) {
       ok(new Uint8Array(aAttestation.flags) == flag_TUP, "User presence must be the only flag set");
       is(aAttestation.counter.byteLength, 4, "Counter must be 4 bytes");
       return deriveAppAndChallengeParam(window.location.host, aAssertion.response.clientDataJSON, aAttestation)
     })
     .then(function(aParams) {
@@ -138,17 +138,17 @@ function() {
   function testMakeCredential() {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {name: "none", icon: "none", displayName: "none"};
     let param = {type: "public-key", alg: "ES256"};
     let makeCredentialOptions = {
       rp: rp,
       user: user,
       challenge: gCredentialChallenge,
-      parameters: [param]
+      pubKeyCredParams: [param]
     };
     credm.create({publicKey: makeCredentialOptions})
     .then(decodeCreatedCredential)
     .then(testMakeDuplicate)
     .catch(function(aReason) {
       ok(false, aReason);
       SimpleTest.finish();
     });
@@ -157,18 +157,18 @@ function() {
   function testMakeDuplicate(aCredInfo) {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {name: "none", icon: "none", displayName: "none"};
     let param = {type: "public-key", alg: "ES256"};
     let makeCredentialOptions = {
       rp: rp,
       user: user,
       challenge: gCredentialChallenge,
-      parameters: [param],
-      excludeList: [{type: "public-key", id: new Uint8Array(aCredInfo.rawId),
+      pubKeyCredParams: [param],
+      excludeCredentials: [{type: "public-key", id: new Uint8Array(aCredInfo.rawId),
                      transports: ["usb"]}]
     };
     credm.create({publicKey: makeCredentialOptions})
     .then(function() {
       // We should have errored here!
       ok(false, "The excludeList didn't stop a duplicate being created!");
       SimpleTest.finish();
     })
@@ -184,17 +184,17 @@ function() {
       id: new Uint8Array(aCredInfo.rawId),
       transports: ["usb"],
     }
 
     let publicKeyCredentialRequestOptions = {
       challenge: gAssertionChallenge,
       timeout: 5000, // the minimum timeout is actually 15 seconds
       rpId: document.domain,
-      allowList: [newCredential]
+      allowCredentials: [newCredential]
     };
     credm.get({publicKey: publicKeyCredentialRequestOptions})
     .then(function(aAssertion) {
       /* Pass along the pubKey. */
       return checkAssertionAndSigValid(aCredInfo.publicKeyHandle, aAssertion);
     })
     .then(function(aSigVerifyResult) {
       ok(aSigVerifyResult, "Signing signature verified");
--- a/dom/webauthn/tests/test_webauthn_make_credential.html
+++ b/dom/webauthn/tests/test_webauthn_make_credential.html
@@ -65,37 +65,37 @@
       let param = {type: "public-key", alg: "es256"};
       let unsupportedParam = {type: "public-key", alg: "3DES"};
       let badParam = {type: "SimplePassword", alg: "MaxLength=2"};
 
       var testFuncs = [
         // Test basic good call
         function() {
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: gCredentialChallenge, parameters: [param]
+            rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
 
         // Test empty account
         function() {
           let makeCredentialOptions = {
-            challenge: gCredentialChallenge, parameters: [param]
+            challenge: gCredentialChallenge, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test without a parameter
         function() {
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: gCredentialChallenge, parameters: []
+            rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: []
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectNotSupportedError);
         },
 
         // Test without a parameter array at all
         function() {
@@ -105,157 +105,157 @@
           return credm.create({publicKey: makeCredentialOptions})
                .then(arrivingHereIsBad)
                .catch(expectTypeError);
         },
 
         // Test with an unsupported parameter
         function() {
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: gCredentialChallenge, parameters: [unsupportedParam]
+            rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [unsupportedParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectNotSupportedError);
         },
 
         // Test with an unsupported parameter and a good one
         function() {
           let makeCredentialOptions = {
             rp: rp, user: user, challenge: gCredentialChallenge,
-            parameters: [param, unsupportedParam]
+            pubKeyCredParams: [param, unsupportedParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
 
         // Test with a bad parameter
         function() {
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: gCredentialChallenge, parameters: [badParam]
+            rp: rp, user: user, challenge: gCredentialChallenge, pubKeyCredParams: [badParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                .then(arrivingHereIsBad)
                .catch(expectTypeError);
         },
 
         // Test with an unsupported parameter, and a bad one
         function() {
           let makeCredentialOptions = {
             rp: rp, user: user, challenge: gCredentialChallenge,
-            parameters: [unsupportedParam, badParam]
+            pubKeyCredParams: [unsupportedParam, badParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test with an unsupported parameter, a bad one, and a good one. This
         // should still fail, as anything with a badParam should fail.
         function() {
           let makeCredentialOptions = {
             rp: rp, user: user, challenge: gCredentialChallenge,
-            parameters: [param, unsupportedParam, badParam]
+            pubKeyCredParams: [param, unsupportedParam, badParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                .then(arrivingHereIsBad)
                .catch(expectTypeError);
         },
 
         // Test without a challenge
         function() {
           let makeCredentialOptions = {
-            rp: rp, user: user, parameters: [param]
+            rp: rp, user: user, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test with an invalid challenge
         function() {
           let makeCredentialOptions = {
             rp: rp, user: user, challenge: "begone, thou ill-fitting moist glove!",
-            parameters: [unsupportedParam]
+            pubKeyCredParams: [unsupportedParam]
           };
           return credm.create({publicKey: makeCredentialOptions})
                .then(arrivingHereIsBad)
                .catch(expectTypeError);
         },
 
-        // Test with duplicate parameters
+        // Test with duplicate pubKeyCredParams
         function() {
           let makeCredentialOptions = {
             rp: rp, user: user, challenge: gCredentialChallenge,
-            parameters: [param, param, param]
+            pubKeyCredParams: [param, param, param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
 
         // Test with missing rp
         function() {
           let makeCredentialOptions = {
-            user: user, challenge: gCredentialChallenge, parameters: [param]
+            user: user, challenge: gCredentialChallenge, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test with incorrect user ID type
         function() {
           let invalidType = user;
           invalidType.id = "a string, which is not a buffer";
           let makeCredentialOptions = {
-            user: invalidType, challenge: gCredentialChallenge, parameters: [param]
+            user: invalidType, challenge: gCredentialChallenge, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test with missing user
         function() {
           let makeCredentialOptions = {
-            rp: rp, challenge: gCredentialChallenge, parameters: [param]
+            rp: rp, challenge: gCredentialChallenge, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         },
 
         // Test a complete account
         function() {
           let completeRP = {id: document.domain, name: "Foxxy Name",
                             icon: "https://example.com/fox.svg"};
           let completeUser = {id: string2buffer("foxes_are_the_best@example.com"),
                               name: "Fox F. Foxington",
                               icon: "https://example.com/fox.svg",
                               displayName: "Foxxy V"};
           let makeCredentialOptions = {
             rp: completeRP, user: completeUser, challenge: gCredentialChallenge,
-            parameters: [param]
+            pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
 
         // Test with too-large user ID buffer
         function() {
           let hugeUser = {id: new Uint8Array(65),
                               name: "Fox F. Foxington",
                               icon: "https://example.com/fox.svg",
                               displayName: "Foxxy V"};
           let makeCredentialOptions = {
             rp: rp, user: hugeUser, challenge: gCredentialChallenge,
-            parameters: [param]
+            pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectTypeError);
         }];
 
       var i = 0;
       var runNextTest = () => {
--- a/dom/webauthn/tests/test_webauthn_no_token.html
+++ b/dom/webauthn/tests/test_webauthn_no_token.html
@@ -42,17 +42,17 @@ function() {
 
   testMakeCredential();
 
   function testMakeCredential() {
     let rp = {id: document.domain, name: "none", icon: "none"};
     let user = {name: "none", icon: "none", displayName: "none"};
     let param = {type: "public-key", alg: "es256"};
     let makeCredentialOptions = {
-      rp: rp, user: user, challenge: credentialChallenge, parameters: [param]
+      rp: rp, user: user, challenge: credentialChallenge, pubKeyCredParams: [param]
     };
     credm.create({publicKey: makeCredentialOptions})
     .then(function(aResult) {
       ok(false, "Should have failed.");
       testAssertion();
     })
     .catch(function(aReason) {
       ok(aReason.toString().startsWith("NotAllowedError"), aReason);
@@ -65,17 +65,17 @@ function() {
       type: "public-key",
       id: credentialId,
       transports: ["usb"],
     }
     let publicKeyCredentialRequestOptions = {
       challenge: assertionChallenge,
       timeout: 5000, // the minimum timeout is actually 15 seconds
       rpId: document.domain,
-      allowList: [newCredential]
+      allowCredentials: [newCredential]
     };
     credm.get({publicKey: publicKeyCredentialRequestOptions})
     .then(function(aResult) {
       ok(false, "Should have failed.");
       SimpleTest.finish();
     })
     .catch(function(aReason) {
       ok(aReason.toString().startsWith("NotAllowedError"), aReason);
--- a/dom/webauthn/tests/test_webauthn_sameorigin.html
+++ b/dom/webauthn/tests/test_webauthn_sameorigin.html
@@ -63,195 +63,195 @@
       let user = {id: new Uint8Array(16), name: "none", icon: "none", displayName: "none"};
       let param = {type: "public-key", alg: "Es256"};
 
       var testFuncs = [
         function() {
           // Test basic good call
           let rp = {id: document.domain};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(keepThisPublicKeyCredential("basic"))
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function() {
           // Test rp.id being unset
           let makeCredentialOptions = {
-            rp: {}, user: user, challenge: chall, parameters: [param]
+            rp: {}, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function() {
           // Test this origin with optional fields
           let rp = {id: "user:pass@" + document.domain + ":8888"};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function() {
           // Test blank rp.id
           let rp = {id: ""};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function() {
           // Test subdomain of this origin
           let rp = {id: "subdomain." + document.domain};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function() {
           // Test the same origin
           let rp = {id: "example.com"};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function() {
           // Test the eTLD
           let rp = {id: "com"};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test a different domain within the same TLD
           let rp = {id: "alt.test"};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test basic good call
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: document.domain,
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function () {
           // Test rpId being unset
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function () {
           // Test this origin with optional fields
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "user:pass@" + document.origin + ":8888",
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test blank rpId
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "",
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test subdomain of this origin
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "subdomain." + document.domain,
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test the same origin
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "example.com",
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsGood)
                       .catch(arrivingHereIsBad);
         },
         function() {
           // Test the eTLD
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "com",
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test a different domain within the same TLD
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: "alt.test",
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test basic good Create call but using an origin (Bug 1380421)
           let rp = {id: window.origin};
           let makeCredentialOptions = {
-            rp: rp, user: user, challenge: chall, parameters: [param]
+            rp: rp, user: user, challenge: chall, pubKeyCredParams: [param]
           };
           return credm.create({publicKey: makeCredentialOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         },
         function () {
           // Test basic good Get call but using an origin (Bug 1380421)
           let publicKeyCredentialRequestOptions = {
             challenge: chall,
             rpId: window.origin,
-            allowList: [gTrackedCredential["basic"]]
+            allowCredentials: [gTrackedCredential["basic"]]
           };
           return credm.get({publicKey: publicKeyCredentialRequestOptions})
                       .then(arrivingHereIsBad)
                       .catch(expectSecurityError);
         }
       ];
       var i = 0;
       var runNextTest = () => {
--- a/dom/webidl/WebAuthentication.webidl
+++ b/dom/webidl/WebAuthentication.webidl
@@ -42,20 +42,20 @@ dictionary PublicKeyCredentialUserEntity
     DOMString      displayName;
 };
 
 dictionary MakePublicKeyCredentialOptions {
     required PublicKeyCredentialRpEntity   rp;
     required PublicKeyCredentialUserEntity user;
 
     required BufferSource                            challenge;
-    required sequence<PublicKeyCredentialParameters> parameters;
+    required sequence<PublicKeyCredentialParameters> pubKeyCredParams;
 
     unsigned long                                timeout;
-    sequence<PublicKeyCredentialDescriptor>      excludeList = [];
+    sequence<PublicKeyCredentialDescriptor>      excludeCredentials = [];
     AuthenticatorSelectionCriteria               authenticatorSelection;
     // Extensions are not supported yet.
     // AuthenticationExtensions                  extensions; // Add in Bug 1406458
 };
 
 dictionary PublicKeyCredentialEntity {
     DOMString      name;
     USVString      icon;
@@ -75,54 +75,53 @@ enum AuthenticatorAttachment {
     "platform",       // Platform attachment
     "cross-platform"  // Cross-platform attachment
 };
 
 dictionary PublicKeyCredentialRequestOptions {
     required BufferSource                challenge;
     unsigned long                        timeout;
     USVString                            rpId;
-    sequence<PublicKeyCredentialDescriptor> allowList = [];
+    sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
     // Extensions are not supported yet.
     // AuthenticationExtensions             extensions; // Add in Bug 1406458
 };
 
 typedef record<DOMString, any>       AuthenticationExtensions;
 
 dictionary CollectedClientData {
     required DOMString           challenge;
     required DOMString           origin;
-    required DOMString           hashAlg;
-    DOMString                    tokenBinding;
+    required DOMString           hashAlgorithm;
+    DOMString                    tokenBindingId;
     // Extensions are not supported yet.
     // AuthenticationExtensions     clientExtensions; // Add in Bug 1406458
     // AuthenticationExtensions     authenticatorExtensions; // Add in Bug 1406458
 };
 
 enum PublicKeyCredentialType {
     "public-key"
 };
 
 dictionary PublicKeyCredentialDescriptor {
     required PublicKeyCredentialType type;
     required BufferSource id;
-    sequence<WebAuthnTransport>   transports;
+    sequence<AuthenticatorTransport>   transports;
 };
 
 typedef (boolean or DOMString) WebAuthnAlgorithmID; // Switch to COSE in Bug 1381190
 
 [SecureContext, Pref="security.webauth.webauthn"]
 interface AuthenticatorAssertionResponse : AuthenticatorResponse {
     [SameObject] readonly attribute ArrayBuffer      authenticatorData;
     [SameObject] readonly attribute ArrayBuffer      signature;
     readonly attribute DOMString                     userId;
 };
 
-// Renamed from "Transport" to avoid a collision with U2F
-enum WebAuthnTransport {
+enum AuthenticatorTransport {
     "usb",
     "nfc",
     "ble"
 };
 
 typedef long COSEAlgorithmIdentifier;
 
 typedef sequence<AAGUID>      AuthenticatorSelectionList;