Credential request options mediation requirement

[marcoscaceres]

The CredentialRequestOptions dictionary provides CredentialMediationRequirement mediation that defaults to "optional".

The other possible values are:

• "silent",
• "optional",
• "conditional",
• "required"

I think that any call to .get() will be user mediated (i.e., will show UI). Thus, we should throw a type error for anything but "required" user mitigation.

[marcoscaceres]

Related w3c/webappsec-credential-management#248

[Sakurann]

(if I understood correctly) what if there is no wallet installed on a user device that can meet verifier's requests? would that still result in user interaction "you don't have a wallet that can fulfill this request?". It actually might be nice if this can lead to a screen where verifier can prompt the user to install wallet(s)?

[timcappalli]

(if I understood correctly) what if there is no wallet installed on a user device that can meet verifier's requests? would that still result in user interaction "you don't have a wallet that can fulfill this request?". It actually might be nice if this can lead to a screen where verifier can prompt the user to install wallet(s)?

That would be the app platform's responsibility / choice. Credential Mediation provides the framework to be able to provide non-modal experiences for credential requests in the browser, such as the autofill UI for passkeys.

[samuelgoto]

would that still result in user interaction "you don't have a wallet that can fulfill this request?".

Yeah, I think that's what Android is converging to: show a "no credential available" UI.

It actually might be nice if this can lead to a screen where verifier can prompt the user to install wallet(s)?

That seems reasonable and worth exploring further.

[marcoscaceres]

Yeah, thought that that's outside the scope of the standard... that's gets into platform specific experience stuff. But it's a great suggestion @Sakurann.