diff --git a/secure-payment-confirmation/authentication-accepted.https.html b/secure-payment-confirmation/authentication-accepted.https.html index 1677de3f3c0b9c..03f0be2cea37d4 100644 --- a/secure-payment-confirmation/authentication-accepted.https.html +++ b/secure-payment-confirmation/authentication-accepted.https.html @@ -58,7 +58,7 @@ assert_false(clientDataJSON.crossOrigin); // Payment-specific information. - assert_equals(clientDataJSON.payment.rp, window.location.hostname); + assert_equals(clientDataJSON.payment.rpId, window.location.hostname); assert_equals(clientDataJSON.payment.topOrigin, window.location.origin); assert_equals(clientDataJSON.payment.payeeOrigin, payeeOrigin); assert_equals(clientDataJSON.payment.total.value, PAYMENT_DETAILS.total.amount.value); @@ -66,6 +66,13 @@ assert_equals(clientDataJSON.payment.instrument.icon, ICON_URL); assert_equals(clientDataJSON.payment.instrument.displayName, displayName); + // If the User Agent still supports the legacy 'rp' output parameter, it + // should be identical to the 'rpId' output parameter. See + // https://github.com/w3c/secure-payment-confirmation/pull/198 + if ('rp' in clientDataJSON.payment) { + assert_equals(clientDataJSON.payment.rp, clientDataJSON.payment.rpId); + } + // TODO: Verify cred.response.signature, to validate that it covers all fields // from clientDataJSON. }, 'Successful SPC authentication'); diff --git a/secure-payment-confirmation/authentication-cross-origin.sub.https.html b/secure-payment-confirmation/authentication-cross-origin.sub.https.html index 5ef366606cb0cb..779a5f40213a1b 100644 --- a/secure-payment-confirmation/authentication-cross-origin.sub.https.html +++ b/secure-payment-confirmation/authentication-cross-origin.sub.https.html @@ -66,6 +66,6 @@ // The origin should be ourselves, whilst the RP should be the alt hostname // (as the owner of the credential). assert_equals(clientDataJSON.origin, window.location.origin); - assert_equals(clientDataJSON.payment.rp, '{{hosts[alt][]}}'); + assert_equals(clientDataJSON.payment.rpId, '{{hosts[alt][]}}'); }, 'Cross-origin SPC authentication ceremony'); diff --git a/secure-payment-confirmation/authentication-in-iframe.sub.https.html b/secure-payment-confirmation/authentication-in-iframe.sub.https.html index 7c77a1750628dd..79b6b5baff05b0 100644 --- a/secure-payment-confirmation/authentication-in-iframe.sub.https.html +++ b/secure-payment-confirmation/authentication-in-iframe.sub.https.html @@ -75,7 +75,7 @@ assert_equals(result.clientDataJSON.origin, 'https://{{hosts[alt][]}}:{{ports[https][0]}}'); assert_equals(result.clientDataJSON.payment.topOrigin, window.location.origin); // The credential was created in this frame, and so we are the rp. - assert_equals(result.clientDataJSON.payment.rp, window.location.hostname); + assert_equals(result.clientDataJSON.payment.rpId, window.location.hostname); // The payeeOrigin should be unrelated to what the origin and topOrigin are. assert_equals(result.clientDataJSON.payment.payeeOrigin, 'https://merchant.com'); }, 'SPC authentication ceremony in cross-origin iframe');