Intent to Experiment: Web Authentication immediate mediation
Ken Buchanan
Contact emails
ke...@chromium.org, der...@google.comExplainer
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediationSpecification
https://github.com/w3c/webauthn/pull/2291Design docs
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediation
Summary
A mediation mode for navigator.credentials.get() that causes browser sign-in UI to be displayed to the user if there is a passkey or password for the site that is immediately known to the browser, or else rejects the promise with NotAllowedError if there is no such credential available. This allows the site to avoid showing a sign-in page if the browser can offer a choice of sign-in credentials that are likely to succeed, while still allowing a traditional sign-in page flow for cases where there are no such credentials.
Blink component
Blink>WebAuthenticationTAG review
https://github.com/w3ctag/design-reviews/issues/1092TAG review status
PendingOrigin Trial documentation link
https://github.com/w3c/webauthn/wiki/Explainer:-WebAuthn-immediate-mediationRisks
Interoperability and Compatibility
This is a discussion topic in the Web Authentication Working Group. Representatives from other browser vendors are involved in this discussion but there are no official signals of support yet. The ability to use `PasswordCredential` with this mediation mode is a particular compatibility risk because that credential type is not currently implemented Firefox or Safari.
Gecko: No signal (https://github.com/mozilla/standards-positions/issues/1239)
WebKit: No signal (https://github.com/WebKit/standards-positions/issues/504) Interest expressed verbally in a WebAuthn WG F2F.
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Goals for experimentation
Validate performance of new UI for sign-in flows.Ongoing technical constraints
None
Debuggability
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
YesIs this feature fully tested by web-platform-tests?
WPTs in progressDevTrial instructions
https://docs.google.com/document/d/18iV5eUBM4NVoNx0gqPSxPyJAjPdrfIR75vcMDBewzZU/edit?tab=t.0#heading=h.uj0x12ysuohkFlag name on about://flags
experimental-web-platform-featuresFinch feature name
WebAuthenticationImmediateGetRequires code in //chrome?
TrueTracking bug
https://issues.chromium.org/issues/408002783Launch bug
https://launch.corp.google.com/launch/4394539Estimated milestones
| Origin trial desktop first | 139 |
| Origin trial desktop last | 141 |
| DevTrial on desktop | 136 |
| DevTrial on Android | 139 |
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5164322780872704?gate=5144500902821888Links to previous Intent discussions
Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKrQEs4TDzuzb%3D0B00S4OmkE4a1NbZGi19sCueTKvN_m9w%40mail.gmail.comReady for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/zC13ioLIZ_E/m/P-P6B6gNCQAJ
Chris Harrelson
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALjHGKpJkA9G6De6D4%3DRNSbLMRdy8Yfa6B%3DgDNWeqTyHfv8sSg%40mail.gmail.com.
