Bug 1764211 [wpt PR 33597] - webauthn: add remoteDesktopClientOverride extension IDL, a=testonly

Automatic update from web-platform-tests
webauthn: add remoteDesktopClientOverride extension IDL

This adds the IDL definition for a WebAuthn client extension that lets
a trusted remote desktop client web app execute a WebAuthn API request
that has been forwarded from a remote host, on behalf of the origin that
made the original remote request.

Availability of the extension is gated on a Blink Runtime flag which is
initialized from a command-line switch. The switch in turn can be set
via an internal-only enterprise policy,
WebAuthenticationRemoteProxiedRequestsAllowed.

(The same enterprise policy will also allow the extension to be used by
a single origin belonging to a Google-internal version of Chrome Remote
Desktop, for initial experimentation with this feature. But this CL only
adds the extension IDL definition and plumbs it through the mojo
interface. It isn't actually wiring up any of that behavior yet.)

Feature explainer: https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-Remote-Desktop-Support

Intent to Prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/3EFGXppjkWo

Bug: 1314480
Change-Id: I91225175232c8027c17ffa2ef4b0d5c110f9ba5e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3499163
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Philip Rogers <pdr@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Commit-Position: refs/heads/main@{#992107}

--

wpt-commits: 8d7ca2fc953c421ff8acd3cc64ea656da5bac9bd
wpt-pr: 33597

testing/web-platform/tests/webauthn/remote-desktop-client-override.tentative.https.html

@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>remoteDesktopClientOverride</title>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src=helpers.js></script>
+<body></body>
+<script>
+"use strict";
+
+const remoteDesktopClientOverride = {
+  origin: "https://acme.com",
+  sameOriginWithAncestors: false,
+};
+
+virtualAuthenticatorPromiseTest(async t => {
+  let promise = createCredential({
+    options: {
+      publicKey: {
+        extensions: {
+          remoteDesktopClientOverride: remoteDesktopClientOverride,
+        },
+      },
+    },
+  });
+  // Site isn't authorized to use the extension.
+  return promise_rejects_dom(t, "NotAllowedError", promise);
+}, {
+  protocol: "ctap2_1",
+  transport: "usb",
+}, "create() with remoteDesktopClientOverride");
+
+virtualAuthenticatorPromiseTest(async t => {
+  let promise = navigator.credentials.get({publicKey: {
+      challenge: new Uint8Array(),
+        allowCredentials: [{
+          id: (await createCredential()).rawId,
+          type: "public-key",
+        }],
+        extensions: {
+          remoteDesktopClientOverride: remoteDesktopClientOverride,
+      },
+  }});
+  // Site isn't authorized to use the extension.
+  return promise_rejects_dom(t, "NotAllowedError", promise);
+}, {
+  protocol: "ctap2_1",
+  transport: "usb",
+}, "get() with remoteDesktopClientOverride on an unauthorized site");
+</script>