Support WebOTP API and origin-bound one time code in cross-origin iframes #604
Labels
Progress: propose closing
we think it should be closed but are waiting on some feedback or consensus
Review type: later review
Review type: small delta
Topic: native platform integration
Features that enable web sites to integrate better with native platforms
Topic: security features
Venue: WICG
Milestone
HIQaH! QaH! TAG!
I'm requesting a TAG review of supporting WebOTP API and origin-bound one time code in cross-origin iframes.
The WebOTP API gives developers the ability to programmatically read one time codes from specially-formatted SMSes addressed to their origin to reduce user friction. The origin-bound one time code format is supported in Chrome and Safari. WebOTP API is supported in Chrome (TAG review, I2S).
In the initial launch of the API, we deliberately ignored the cross-origin iframe support. Post launch, we are trying to add such support to address feature requests from the web developer community (e.g. Shopify, iCloud) and improve interoperability.
Links for the general WebOTP API:
Links for cross-origin support:
Further details:
You should also know that...
The implication of the proposed modification:
We'd prefer the TAG provide feedback as (please delete all but the desired option):
🐛 open issues in our GitHub repo for each point of feedback
The text was updated successfully, but these errors were encountered: