Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
This is in contrast to
We are exploring how to make email verifications work in collaboration with email providers and we are seeing how it is going to be key for a browser to know where to expect the OTP to be coming from.
That is, if the OTP can come from multiple sources, and listening / engaging with those sources isn't cheap / trivial (e.g. communicating with an email provider or expecting an SMS from the cellular network), a browser benefits from knowing where it is expecting to come from to make informed decisions.
Because this API needs to be forward compatible when / if we introduce other transport mechanisms (e.g. email is looking like the most likely), we thought adding
I hope this explains sufficiently, but I can certainly go on more about how far we are getting into verification of email addresses and provide much more details that is informing this specific bit of the API.
I'm going to close this since I believe I answered your question, but feel free to re-open if you need further clarification or information or need me to act on anything, and I'd be happy to course correct.