Comments (3)
It seems to me that the specification addresses this issue in step 6 of 4.1.6. Steps to respond to a payment request [1]. The specification answers the question by saying to run the Credential Management API "Request a Credential" algorithm. Based on @stephenmcgruer's comment, that's not what the current implementation does, so I propose to add an implementation note. However, I propose that we close this issue with the currently specified behavior and move in that direction. (Please indicate support for that proposal on this thread. Thanks!)
[1] https://w3c.github.io/secure-payment-confirmation/#sctn-steps-to-respond-to-a-payment-request
from secure-payment-confirmation.
(Just documenting reality, not making any suggestions currently).
WebAuthn
If we look at WebAuthn as a model, the credentials passed into SPC are roughly analogous to allowCredentials, which states that they are:
in descending order of the caller’s preference (the first item in the list is the most preferred credential, and so on down the list)
How this is ultimately used in WebAuthn appears to be a user dialog, step 7 of 6.3.3. The authenticatorGetAssertion Operation:
Prompt the user to select a public key credential source selectedCredential from credentialOptions.
(Where credentialOptions is allowCredentials filtered to those credentials that match the authenticator device).
How does this relate to SPC today?
Well, since the spec uses allowCredentials (step 5 of 4.1.6. Steps to respond to a payment request), by spec we should inherit WebAuthn's behavior and ultimately show . In practical reality, I believe in Chrome we just grab the first matching credential in the list and use that currently.
The specification now includes an answer to the question in the algorithm of 4.1.6 along with a note that the Chrome implementation does not conform. We can decide in the future which needs to change.
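The two selection behaviours contrasted in this thread, as an added example that is not part of the original comments, the specification text, or Chrome's code. The function names, the `promptUser` callback, and the credential IDs are assumptions constructed for illustration.

```javascript
// Added illustration: a model of the two behaviours discussed in the thread.
// All names and sample IDs are constructed, not taken from the spec or Chrome.

// credentialOptions: the allowCredentials entries the authenticator actually
// holds, kept in the caller's descending order of preference.
function credentialOptions(allowCredentials, authenticatorCredentialIds) {
  const held = new Set(authenticatorCredentialIds);
  const seen = new Set();
  return allowCredentials.filter((id) => {
    if (!held.has(id) || seen.has(id)) return false; // not on device, or duplicate
    seen.add(id);
    return true;
  });
}

// Behaviour the thread reads from the spec: the user selects among the matches.
// promptUser is a hypothetical callback standing in for the browser dialog.
function selectByUserPrompt(allowCredentials, authenticatorCredentialIds, promptUser) {
  const options = credentialOptions(allowCredentials, authenticatorCredentialIds);
  if (options.length === 0) return null;
  const chosen = promptUser(options);
  // A selection that was never offered must not be accepted.
  if (!options.includes(chosen)) throw new Error("selection not in credentialOptions");
  return chosen;
}

// Behaviour the thread describes for the current implementation:
// take the first match in preference order, with no dialog.
function selectFirstMatch(allowCredentials, authenticatorCredentialIds) {
  const options = credentialOptions(allowCredentials, authenticatorCredentialIds);
  return options.length > 0 ? options[0] : null;
}

// Constructed sample: the caller prefers A, then B, then C; the device holds C and B.
const allow = ["cred-A", "cred-B", "cred-C"];
const onDevice = ["cred-C", "cred-B"];
const userPicksLast = (opts) => opts[opts.length - 1]; // simulated user choice

console.log(credentialOptions(allow, onDevice));
console.log(selectFirstMatch(allow, onDevice));
console.log(selectByUserPrompt(allow, onDevice, userPicksLast));
```

With more than one matching credential the two functions can return different results, so a caller cannot assume that the credential it listed first is the one that signs the payment.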