Introduce DiscoverFromExternalSource activation + visibility requirements (#129)
marcoscaceres authored Jul 16, 2024
1 parent 1d53712 commit e0f3696
Showing 2 changed files with 60 additions and 19 deletions.
45 changes: 27 additions & 18 deletions explainer.md
@@ -34,26 +34,35 @@ At its core, the API is designed for a website ("verifier") to [transparently](h

Here is an example of how the  the API might be used in practice:

The API needs to be initiated through a user gesture, such as a button click:

```html
<button onclick="requestLicense()">Request Driver's license<button>
```


```javascript
const digitalCredential = await navigator.identity.get({
  digital: {
    providers: [{
      // Protocol extensibility:
      protocol: "oid4vp",
      // An example of an OpenID4VP request to wallets.
      // Based on https://github.com/openid/OpenID4VP/issues/125
      request: {
        nonce: "n-0S6_WzA2Mj",
        presentation_definition: {
          // Presentation Exchange request, omitted for brevity
        }
      }
    }],
  },
});
// To be decrypted on the server...
const encryptedData = digitalCredential.data;
async function requestLicense() {
const oid4pv = {
// Protocol extensibility:
protocol: "oid4vp", // An example of an OpenID4VP request to wallets. // Based on https://github.com/openid/OpenID4VP/issues/125
request: {
nonce: "n-0S6_WzA2Mj",
presentation_definition: {
// Presentation Exchange request, omitted for brevity
},
},
};
const digitalCredential = await navigator.identity.get({
digital: {
providers: [oid4pv],
},
});
// To be decrypted on the server...
const encryptedData = digitalCredential.data;
}
```

You can read a more detailed and technical description of the API in the [specification draft](https://wicg.github.io/digital-identities/).

### Using the API from another origin
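
Review bot: The button in the added HTML snippet is never closed: the line ends with `<button>` instead of `</button>`, so anyone copying the example gets an unterminated, nested element. It should read `<button onclick="requestLicense()">Request Driver's license</button>`. In the new `requestLicense()` body the constant is spelled `oid4pv` while the protocol string is "oid4vp"; rename it to `oid4vp` in both the declaration and the `providers` array. The function also awaits `navigator.identity.get()` with no error handling, although the index.html change in this same commit makes that call throw "NotAllowedError" when activation or visibility is missing, so a short try/catch in the example would show callers how that failure surfaces.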
34 changes: 33 additions & 1 deletion index.html
@@ -241,7 +241,7 @@ <h2>
{{DigitalCredential}} instances are [=Credential/origin bound=].
</p>
<h3>
Extensions to Credential Management API
Integration with Credential Management API
</h3>
<aside class="issue" data-number="65"></aside>
<h3>
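
Review bot: The renamed `<h3>` ("Integration with Credential Management API") carries no explicit `id`, so if the section anchor is generated from the heading text, existing links to the old "Extensions to ..." fragment will stop resolving. Consider adding an explicit `id` on the heading or its section so the anchor stays stable across the rename.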
@@ -272,6 +272,38 @@ <h3>
The <dfn data-dfn-for="DigitalCredential">data</dfn> member is the
credential's response data.
</p>
<h3>
[[\DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)
internal method
</h3>
<p>
When invoked, the <dfn class="export" data-dfn-for=
"DigitalCredential">[[\DiscoverFromExternalSource]](origin, options,
sameOriginWithAncestors)</dfn> internal method MUST:
</p>
<ol class="algorithm">
<li>Let |global| be [=this=]'s [=relevant global object=].
</li>
<li>Let |document| be |global|'s [=associated `Document`=].
</li>
<li>If |document| is not a [=Document/fully active descendant of a
top-level traversable with user attention=], [=exception/throw=]
{{"NotAllowedError"}} {{DOMException}}.
</li>
<li>If |window| does not have [=transient activation=],
[=exception/throw=] {{"NotAllowedError"}} {{DOMException}}.
</li>
<li>[=Consume user activation=] of |window|.
</li>
<li>
<aside class="issue">
Details of how to actually get the [=digital credential=] are
forthcoming.
</aside>
</li>
<li>Return a {{DigitalCredential}}.
</li>
</ol>
<h3>
[[\Store]](credential, sameOriginWithAncestors) internal method
</h3>
