Add "webauthn" autocomplete token #8006
Conversation
Add a "webauthn" autocomplete token to display WebAuthn credentials through Conditional Mediation. Fixes whatwg#7999
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test that was not actually testing the contact category. See whatwg/html#8006 Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec
|
@domenic please take a look. Thank you! ^_^ |
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test that was not actually testing the contact category. See whatwg/html#8006 Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec
There was a problem hiding this comment.
Is there an explainer for this feature in a bit more detail? I can't really understand why autocomplete is involved here, or why the autocompleted value would be something like "Tim Berners-Lee's phone credential" and why the string "Tim Berners-Lee's phone credential" would be treated like a password.
There was a problem hiding this comment.
Is there an explainer for this feature in a bit more detail?
I'm not sure from your comment if you missed the explainer linked on the PR description or found it insufficient. I'll try answering below, and will update the explainer if it turns out we need more detail.
I can't really understand why autocomplete is involved here,
We want to solve the problem of transitioning from passwords to webauthn credentials ("passkeys"). Websites can't tell in advance if a user has webauthn credentials or not, so they make a "conditional" request that will only show credentials if the user has them. We want these credentials to be shown in the same autofill prompt as passwords & usernames because that's what users are used to. This way, websites don't have to change their existing sign-in UX to support webauthn credentials.
The webauthn autocomplete token lets the website say where they want to show webauthn credentials.
or why the autocompleted value would be something like "Tim Berners-Lee's phone credential"
On the autofill prompt, the browser will somehow show the user these webauthn credentials. The language is up to the user agent but will likely be something like:
Nina Satragno
Sign in with Pixel Imprint
I tried to communicate that without using the name of a specific product.
and why the string "Tim Berners-Lee's phone credential" would be treated like a password.
This is probably the trickiest detail to describe correctly -- if the user clicks on a webauthn credential the browser won't autofill anything. Instead, a pending webauthn request will resolve and presumably that will sign-in the user. I tried clarifying this point on the PR.
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec
There was a problem hiding this comment.
I'm not sure from your comment if you missed the explainer linked on the PR description or found it insufficient. I'll try answering below, and will update the explainer if it turns out we need more detail.
Sorry, I missed it! I appreciate the extra background regardless, and have now read it. I added some comments inline about how to best integrate this sort of thing into the spec infrastructure, IMO.
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943}
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943}
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943}
…n", a=testonly Automatic update from web-platform-tests [webauthn] WPT for autocomplete="webauthn" Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943} -- wpt-commits: 57933a8edb4f01c8b63435d7f08cbd8ba4efd32b wpt-pr: 34410
…n", a=testonly Automatic update from web-platform-tests [webauthn] WPT for autocomplete="webauthn" Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943} -- wpt-commits: 57933a8edb4f01c8b63435d7f08cbd8ba4efd32b wpt-pr: 34410
Add a web platform test for the "webauthn" autocomplete detail token. Drive-by fix to the "contact category" bit of the test. The test intended to exceed the maximum number of tokens for an autofill field type of category "contact" [1], but used the field name "name" which is of category "normal". Change "name" to "tel" which actually is of category "contact". See whatwg/html#8006 [1] https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#autofill-processing-model Bug: 1171985 Change-Id: Idfdee8447c5eaa6b4d5ab34249dee2c46b82ecec Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3704319 Commit-Queue: Nina Satragno <[email protected]> Reviewed-by: Vasilii Sukhanov <[email protected]> Cr-Commit-Position: refs/heads/main@{#1014943} NOKEYCHECK=True GitOrigin-RevId: 817b6a79e3a8bc3b29044ced23a09b4be2ad115b
Add a "webauthn" autocomplete token to display WebAuthn credentials through Conditional Mediation. This lets websites indicate that they want webauthn credentials ("passkeys") to show up in addition to username / passwords on autofill prompts.
Explainer
autocomplete="webauthn"would fire a webauthn request which the automation support would resolve immediately. The request is indistinguishable from a regular webauthn request, so a browser not implementing the feature would pass.Fixes #7999
/acknowledgements.html ( diff )
/form-control-infrastructure.html ( diff )
/infrastructure.html ( diff )
/references.html ( diff )