New PublicKeyCredential methods for JSON (de)serialization

index.bs

@@ -1407,6 +1407,7 @@ that are returned to the caller when a new credential is created, or a new asser
         [SameObject] readonly attribute AuthenticatorResponse    response;
         [SameObject] readonly attribute DOMString?               authenticatorAttachment;
         AuthenticationExtensionsClientOutputs getClientExtensionResults();
+        PublicKeyCredentialJSON toJSON();
     };
 </xmp>
 <dl dfn-type="attribute" dfn-for="PublicKeyCredential">
@@ -1450,6 +1451,60 @@ that are returned to the caller when a new credential is created, or a new asser
         [=extension identifier=] → [=client extension output=] entries produced by the extension's
         [=client extension processing=].
 
+    :   {{PublicKeyCredential/toJSON()}}
+    ::  This operation returns {{RegistrationResponseJSON}} or {{AuthenticationResponseJSON}}, that is a JSON-serialized
+        representation of the instance of {{PublicKeyCredential}} suitable for submission to a [=[RP]=] server as a DOMString
+        payload with `application/json` mimetype. The [=client=] is in charge of
+        [serializing values to JSON as usual](https://webidl.spec.whatwg.org/#idl-tojson-operation), but must take additional
+        steps to encode any {{ArrayBuffer}} values to {{DOMString}} values using [=base64url encoding=] to ensure compatibility
+        with JSON syntax. {{ArrayBuffer}} values to be encoded are identified according to the detected type of the instance's
+        `response` property.
+    ::  |clientExtensionResults| below should be the output of {{PublicKeyCredential/getClientExtensionResults()}}, with any
+        {{ArrayBuffer}} values encoded to {{DOMString}} values using [=base64url encoding=]. This may include {{ArrayBuffer}}
+        values from extensions registered in the IANA "WebAuthn Extension Identifiers" registry [[!IANA-WebAuthn-Registries]]
+        but not defined in [[#sctn-extensions]].
+</dl>
+
+<xmp class="idl">
+    typedef DOMString Base64URLString;
+    typedef (RegistrationResponseJSON or AuthenticationResponseJSON) PublicKeyCredentialJSON;
+
+    dictionary RegistrationResponseJSON {
+        Base64URLString id;
+        Base64URLString rawId;
+        AuthenticatorAttestationResponseJSON response;
+        DOMString?  authenticatorAttachment;
+        AuthenticationExtensionsClientOutputsJSON clientExtensionResults;
+        DOMString type;
+    };
+
+    dictionary AuthenticatorAttestationResponseJSON {
+        Base64URLString clientDataJSON;
+        Base64URLString attestationObject;
+        sequence<DOMString> transports;
+    };
+
+    dictionary AuthenticationResponseJSON {
+        Base64URLString id;
+        Base64URLString rawId;
+        AuthenticatorAssertionResponseJSON response;
+        DOMString?  authenticatorAttachment;
+        AuthenticationExtensionsClientOutputsJSON clientExtensionResults;
+        DOMString type;
+    };
+
+    dictionary AuthenticatorAssertionResponseJSON {
+        Base64URLString clientDataJSON;
+        Base64URLString authenticatorData;
+        Base64URLString signature;
+        Base64URLString? userHandle;
+    };
+
+    dictionary AuthenticationExtensionsClientOutputsJSON {
+    };
+</xmp>
+
+<dl dfn-type="attribute" dfn-for="PublicKeyCredential">
     :   <dfn>\[[type]]</dfn>
     ::  The {{PublicKeyCredential}} [=interface object=]'s {{Credential/[[type]]}} [=internal slot=]'s value is the string
         "`public-key`".
@@ -2387,6 +2442,84 @@ Note: Invoking this method from a [=browsing context=] where the [=Web Authentic
 
 </div>
 
+### Deserialize Registration ceremony options - PublicKeyCredential's `getCreationOptionsFromJSON()` Method ### {#sctn-getCreationOptionsFromJSON}
+
+<div link-for-hint="WebAuthentication/getCreationOptionsFromJSON">
+
+[=[WRPS]=] use this method to convert JSON-compatible serialized representations of options for
+{{CredentialsContainer/create()|navigator.credentials.create()}} to {{PublicKeyCredentialCreationOptions}}.
+
+Upon invocation, the [=client=] must take the provided options and return an identically-structured object,
+making sure to decode to {{ArrayBuffer}} those {{DOMString}} properties that are encoded with [=base64url encoding=]
+but must be {{ArrayBuffer}} values according to the definition of {{PublicKeyCredentialCreationOptions}}.
+
+{{AuthenticationExtensionsClientInputsJSON}} may include extensions registered in the IANA
+"WebAuthn Extension Identifiers" registry [[!IANA-WebAuthn-Registries]] but not defined in [[#sctn-extensions]].
+In either case the [=client=] must decode to {{ArrayBuffer}} those {{DOMString}} values that are encoded with
+[=base64url encoding=] but must be {{ArrayBuffer}} values according to the extension's definition.
+
+<xmp class="idl">
+    partial interface PublicKeyCredential {
+        static PublicKeyCredentialCreationOptions getCreationOptionsFromJSON(PublicKeyCredentialCreationOptionsJSON options);
+    };
+
+    dictionary PublicKeyCredentialCreationOptionsJSON {
+        required PublicKeyCredentialRpEntity                    rp;
+        required PublicKeyCredentialUserEntityJSON              user;
+        required Base64URLString                                challenge;
+        required sequence<PublicKeyCredentialParameters>        pubKeyCredParams;
+        unsigned long                                           timeout;
+        sequence<PublicKeyCredentialDescriptorJSON>             excludeCredentials = [];
+        AuthenticatorSelectionCriteria                          authenticatorSelection;
+        DOMString                                               attestation = "none";
+        AuthenticationExtensionsClientInputsJSON                extensions;
+    };
+
+    dictionary PublicKeyCredentialUserEntityJSON {
+        required Base64URLString        id;
+        required DOMString              name;
+        required DOMString              displayName;
+    };
+
+    dictionary PublicKeyCredentialDescriptorJSON {
+        required Base64URLString        id;
+        required DOMString              type;
+        sequence<DOMString>             transports;
+    };
+
+    dictionary AuthenticationExtensionsClientInputsJSON {
+    };
+</xmp>
+
+</div>
+
+### Deserialize Authentication ceremony options - PublicKeyCredential's `getRequestOptionsFromJSON()` Methods ### {#sctn-getRequestOptionsFromJSON}
+
+<div link-for-hint="WebAuthentication/getRequestOptionsFromJSON">
+
+[=[WRPS]=] use this method to convert JSON-compatible serialized representations of options for {{CredentialsContainer/get()|navigator.credentials.get()}} to {{PublicKeyCredentialRequestOptions}}.
+
+Upon invocation, the [=client=] must take the provided options and return an identically-structured object,
+making sure to decode to {{ArrayBuffer}} those {{DOMString}} properties that are encoded with [=base64url encoding=]
+but must be {{ArrayBuffer}} values according to the definition of {{PublicKeyCredentialRequestOptions}}.
+
+<xmp class="idl">
+    partial interface PublicKeyCredential {
+        static PublicKeyCredentialRequestOptions getRequestOptionsFromJSON(PublicKeyCredentialRequestOptionsJSON options);
+    };
+
+    dictionary PublicKeyCredentialRequestOptionsJSON {
+        required Base64URLString                                challenge;
+        unsigned long                                           timeout;
+        DOMString                                               rpId;
+        sequence<PublicKeyCredentialDescriptorJSON>             allowCredentials = [];
+        DOMString                                               userVerification = "preferred";
+        AuthenticationExtensionsClientInputsJSON                extensions;
+    };
+</xmp>
+
+</div>
+
 ## Authenticator Responses (interface <dfn interface>AuthenticatorResponse</dfn>) ## {#iface-authenticatorresponse}
 
 [=Authenticators=] respond to [=[RP]=] requests by returning an object derived from the