PM-19511: Add support for ExcludedCredentials (#14128)

* works * Add mapping * remove the build script * cleanup
2025-12-17 08:43:33 +00:00 · 2025-04-08 19:59:31 +02:00
parent b676f9b8a5
commit 411d195386
5 changed files with 17 additions and 2 deletions
--- a/apps/desktop/desktop_native/macos_provider/src/registration.rs
+++ b/apps/desktop/desktop_native/macos_provider/src/registration.rs
@@ -14,6 +14,7 @@ pub struct PasskeyRegistrationRequest {
    user_verification: UserVerification,
    supported_algorithms: Vec<i32>,
    window_xy: Position,
+    excluded_credentials: Vec<Vec<u8>>,
 }

 #[derive(uniffi::Record, Serialize, Deserialize)]
--- a/apps/desktop/desktop_native/napi/index.d.ts
+++ b/apps/desktop/desktop_native/napi/index.d.ts
@@ -130,6 +130,7 @@ export declare namespace autofill {
    userVerification: UserVerification
    supportedAlgorithms: Array<number>
    windowXy: Position
+    excludedCredentials: Array<Array<number>>
  }
  export interface PasskeyRegistrationResponse {
    rpId: string
--- a/apps/desktop/desktop_native/napi/src/lib.rs
+++ b/apps/desktop/desktop_native/napi/src/lib.rs
@@ -534,6 +534,7 @@ pub mod autofill {
        pub user_verification: UserVerification,
        pub supported_algorithms: Vec<i32>,
        pub window_xy: Position,
+        pub excluded_credentials: Vec<Vec<u8>>,
    }

    #[napi(object)]
--- a/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
+++ b/apps/desktop/macos/autofill-extension/CredentialProviderViewController.swift
@@ -299,6 +299,14 @@ class CredentialProviderViewController: ASCredentialProviderViewController {
                    UserVerification.discouraged
                }
                
+                // Convert excluded credentials to an array of credential IDs
+                var excludedCredentialIds: [Data] = []
+                if #available(macOSApplicationExtension 15.0, *) {
+                    if let excludedCreds = request.excludedCredentials {
+                        excludedCredentialIds = excludedCreds.map { $0.credentialID }
+                    }
+                }
+                
                let req = PasskeyRegistrationRequest(
                    rpId: passkeyIdentity.relyingPartyIdentifier,
                    userName: passkeyIdentity.userName,
@@ -306,7 +314,8 @@ class CredentialProviderViewController: ASCredentialProviderViewController {
                    clientDataHash: request.clientDataHash,
                    userVerification: userVerification,
                    supportedAlgorithms: request.supportedAlgorithms.map{ Int32($0.rawValue) },
-                    windowXy: self.getWindowPosition()
+                    windowXy: self.getWindowPosition(),
+                    excludedCredentials: excludedCredentialIds
                )
                logger.log("[autofill-extension] prepareInterface(passkey) calling preparePasskeyRegistration")                
                
--- a/apps/desktop/src/autofill/services/desktop-autofill.service.ts
+++ b/apps/desktop/src/autofill/services/desktop-autofill.service.ts
@@ -289,7 +289,10 @@ export class DesktopAutofillService implements OnDestroy {
        alg,
        type: "public-key",
      })),
-      excludeCredentialDescriptorList: [],
+      excludeCredentialDescriptorList: request.excludedCredentials.map((credentialId) => ({
+        id: new Uint8Array(credentialId),
+        type: "public-key" as const,
+      })),
      requireResidentKey: true,
      requireUserVerification:
        request.userVerification === "required" || request.userVerification === "preferred",