Contact emailske...@chromium.org, deri...@google.com Explainer https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation
SpecificationNone Summary A mediation mode for navigator.credentials.get() that causes browser sign-in UI to be displayed to the user if there is a passkey or password for the site that is immediately known to the browser, or else rejects the promise with NotFoundError if there is no such credential available. This allows the site to avoid showing a sign-in page if the browser can offer a choice of sign-in credentials that are likely to succeed, while still allowing a traditional sign-in page flow for cases where there are no such credentials. Blink componentBlink>WebAuthentication <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EWebAuthentication%22> Motivation Most sign-in experiences on the web are through sign-in pages that offer multiple options for accessing an account, such as username/password input fields, federated sign-in buttons, and sometimes explicit WebAuthn or passkey buttons. In cases where the browser is aware of passkeys or passwords that the user has for the site, this API feature would make the sign-in page unnecessary, by instead showing simple browser account selection UI when the user begins a sign-in attempt. Signing in with this flow would have less friction, and avoid user confusion from having to remember which sign-in option they have used previously on a given site. The main difference between this and existing modal WebAuthn sign-in UI is that for users without any such credentials, no browser UI will be shown, and their sign-in experience will be unchanged from what it is today (typically, a navigation to the site's sign-in page). Initial public proposalhttps://github.com/w3c/webauthn/issues/2228 TAG reviewNone TAG review statusPending Risks Interoperability and Compatibility None *Gecko*: No signal *WebKit*: No signal *Web developers*: No signal *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? None Debuggability None Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ?No Flag name on about://flagsNone Finch feature nameNone Non-finch justificationNone Requires code in //chrome?True Estimated milestones No milestones specified Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5164322780872704?gate=5189713352458240 This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrQEs4TDzuzb%3D0B00S4OmkE4a1NbZGi19sCueTKvN_m9w%40mail.gmail.com.
