Contact emailske...@chromium.org, deri...@google.com Explainer https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation
Specificationhttps://github.com/w3c/webauthn/pull/2291 Design docs https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation Summary A mediation mode for navigator.credentials.get() that causes browser sign-in UI to be displayed to the user if there is a passkey or password for the site that is immediately known to the browser, or else rejects the promise with NotAllowedError if there is no such credential available. This allows the site to avoid showing a sign-in page if the browser can offer a choice of sign-in credentials that are likely to succeed, while still allowing a traditional sign-in page flow for cases where there are no such credentials. Blink componentBlink>WebAuthentication <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EWebAuthentication%22> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/1092 TAG review statusPending Origin Trial documentation link https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation Risks Interoperability and Compatibility This is a discussion topic in the Web Authentication Working Group. Representatives from other browser vendors are involved in this discussion but there are no official signals of support yet. The ability to use `PasswordCredential` with this mediation mode is a particular compatibility risk because that credential type is not currently implemented Firefox or Safari. *Gecko*: No signal ( https://github.com/mozilla/standards-positions/issues/1239) *WebKit*: No signal ( https://github.com/WebKit/standards-positions/issues/504) Interest expressed verbally in a WebAuthn WG F2F. *Web developers*: No signals *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Goals for experimentation Validate performance of new UI for sign-in flows. Ongoing technical constraints None Debuggability None Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?Yes Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?WPTs in progress DevTrial instructions https://docs.google.com/document/d/18iV5eUBM4NVoNx0gqPSxPyJAjPdrfIR75vcMDBewzZU/edit?tab=t.0#heading=h.uj0x12ysuohk Flag name on about://flagsexperimental-web-platform-features Finch feature nameWebAuthenticationImmediateGet Requires code in //chrome?True Tracking bughttps://issues.chromium.org/issues/408002783 Launch bughttps://launch.corp.google.com/launch/4394539 Estimated milestones Origin trial desktop first 139 Origin trial desktop last 141 DevTrial on desktop 136 DevTrial on Android 139 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5164322780872704?gate=5144500902821888 Links to previous Intent discussionsIntent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrQEs4TDzuzb%3D0B00S4OmkE4a1NbZGi19sCueTKvN_m9w%40mail.gmail.com Ready for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/zC13ioLIZ_E/m/P-P6B6gNCQAJ This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKpJkA9G6De6D4%3DRNSbLMRdy8Yfa6B%3DgDNWeqTyHfv8sSg%40mail.gmail.com.
