You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As spec'ed, the current API allows calling the methods on CredentialsContainer with multiple request types. However, in practice, this doesn't quite work because some of the methods show quite complicated UIs. Additionally, as this capability is not something that's been implemented by anyone (AFAIK), we should consider not allowing that.
Thus, the proposal is to check if more than one credential request (and creation?) option has been passed, and if so, throw a NotAllowedError.
To be clear:
// Throws a NotSupportedErrorawaitnavigator.credentials.get({digital: ...,publicKey: ...,federated: ...,});
As spec'ed, the current API allows calling the methods on CredentialsContainer with multiple request types. However, in practice, this doesn't quite work because some of the methods show quite complicated UIs. Additionally, as this capability is not something that's been implemented by anyone (AFAIK), we should consider not allowing that.
PasswordCredential & FederatedCredential types are both accepted by .get() on Chrome, and so are FederatedCredential and IdentityCredential.
We (meaning, the broader web authentication & identity teams at Chrome) want multiple credential types on the same request to work more broadly eventually. We designed FedCM and WebAuthn as part of CredMan with the aspirations that one day we'll unify the UI in an integrated sign-in experience.
It's true this is not the case right now for every combination of providers. However, I would prefer not to restrict this on the specification.
Moving discussion from WICG/digital-credentials#140 to here....
As spec'ed, the current API allows calling the methods on
CredentialsContainer
with multiple request types. However, in practice, this doesn't quite work because some of the methods show quite complicated UIs. Additionally, as this capability is not something that's been implemented by anyone (AFAIK), we should consider not allowing that.Thus, the proposal is to check if more than one credential request (and creation?) option has been passed, and if so, throw a
NotAllowedError
.To be clear:
cc @bvandersloot-mozilla, @samuelgoto, @nsatragno
The text was updated successfully, but these errors were encountered: