Giter Site home page Giter Site logo

Comments (3)

ianbjacobs avatar ianbjacobs commented on June 1, 2024 1

It seems to me that the specification addresses this issue in step 6 of 4.1.6. Steps to respond to a payment request [1]. The specification answers the question by saying to run the Credential Management API "Request a Credential" algorithm. Based on @stephenmcgruer's comment, that's not what the current implementation does, so I propose to add an implementation note. However, I propose that we close this issue with the currently specified behavior and move in that direction. (Please indicate support for that proposal on this thread. Thanks!)

[1] https://w3c.github.io/secure-payment-confirmation/#sctn-steps-to-respond-to-a-payment-request

from secure-payment-confirmation.

stephenmcgruer avatar stephenmcgruer commented on June 1, 2024

(Just documenting reality, not making any suggestions currently).

WebAuthn
If we look at WebAuthn as a model, the credentials passed into SPC are roughly analogous to allowCredentials, which states that they are:

in descending order of the caller’s preference (the first item in the list is the most preferred credential, and so on down the list)

How this is ultimately used in WebAuthn appears to be a user dialog, step 7 of 6.3.3. The authenticatorGetAssertion Operation:

Prompt the user to select a public key credential source selectedCredential from credentialOptions.

(Where credentialOptions is allowCredentials filtered to those credentials that match the authenticator device).

How does this relate to SPC today?
Well, since the spec uses allowCredentials (step 5 of 4.1.6. Steps to respond to a payment request), by spec we should inherit WebAuthn's behavior and ultimately show . In practical reality, I believe in Chrome we just grab the first matching credential in the list and use that currently.

from secure-payment-confirmation.

ianbjacobs avatar ianbjacobs commented on June 1, 2024

The specification now includes an answer to the question in the algorithm of 4.1.6 along with a note that the Chrome implementation does not conform. We can decide in the future which needs to change.

from secure-payment-confirmation.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.