Introduce DiscoverFromExternalSource activation + visibility requirements #129

Merged
merged 6 commits into from
Jul 16, 2024
45 changes: 27 additions & 18 deletions explainer.md
@@ -34,26 +34,35 @@ At its core, the API is designed for a website ("verifier") to [transparently](h

Here is an example of how the  the API might be used in practice:

The API needs to be initiated through a user gesture, such as a button click:

```html
<button onclick="requestLicense()">Request Driver's license<button>
```


```javascript
const digitalCredential = await navigator.identity.get({
  digital: {
    providers: [{
      // Protocol extensibility:
      protocol: "oid4vp",
      // An example of an OpenID4VP request to wallets.
      // Based on https://github.com/openid/OpenID4VP/issues/125
      request: {
        nonce: "n-0S6_WzA2Mj",
        presentation_definition: {
          // Presentation Exchange request, omitted for brevity
        }
      }
    }],
  },
});
// To be decrypted on the server...
const encryptedData = digitalCredential.data;
async function requestLicense() {
const oid4pv = {
// Protocol extensibility:
protocol: "oid4vp", // An example of an OpenID4VP request to wallets. // Based on https://github.com/openid/OpenID4VP/issues/125
Collaborator

Suggested change
protocol: "oid4vp", // An example of an OpenID4VP request to wallets. // Based on https://github.com/openid/OpenID4VP/issues/125
protocol: "urn:openid.net:oid4vp", // An example of an OpenID4VP request to wallets. // Based on https://github.com/openid/OpenID4VP/issues/125

That's the value they are using here: https://github.com/openid/OpenID4VP/pull/155/files

Collaborator Author

I'll see if I can get them to drop that.... using a URN doesn't seem appropriate as otherwise we should parse these as URLs.

Collaborator

I thought that we were deliberate in making protocol a DOMString, so that we wouldn't have to form an opinion on what these were.

Should we care if this is a URN or not? Or are you suggesting that we reject any DOMString that isn't a URL?

Collaborator Author

def should care if it's an URN... because URNs are URLs, and hence it implies URL parsing. We just don't want to get into a world where people are expecting a URL where we are using a DOMString.

request: {
nonce: "n-0S6_WzA2Mj",
presentation_definition: {
// Presentation Exchange request, omitted for brevity
},
},
};
const digitalCredential = await navigator.identity.get({
digital: {
providers: [oid4pv],
},
});
// To be decrypted on the server...
const encryptedData = digitalCredential.data;
}
```

You can read a more detailed and technical description of the API in the [specification draft](https://wicg.github.io/digital-identities/).
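
Review bot: the new button markup in the html block never closes its element: `<button onclick="requestLicense()">Request Driver's license<button>` ends with a second opening tag and should end with `</button>`. In `requestLicense()` the request object is named `oid4pv`, which looks like a transposition of `oid4vp` (the protocol string it contains), so renaming it would avoid confusion. The `await navigator.identity.get(...)` call has no `try`/`catch`, although the index.html change in this same PR makes the call throw `NotAllowedError` when the document lacks user attention or transient activation; a short catch in the example would show verifiers that the rejection is expected and has to be handled. The literal `nonce: "n-0S6_WzA2Mj"` deserves a comment saying where a verifier is expected to obtain the value, since the response is described as "to be decrypted on the server". The context line "how the  the API" also has a doubled word.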


34 changes: 33 additions & 1 deletion index.html
@@ -241,7 +241,7 @@ <h2>
{{DigitalCredential}} instances are [=Credential/origin bound=].
</p>
<h3>
Extensions to Credential Management API
Integration with Credential Management API
</h3>
<aside class="issue" data-number="65"></aside>
<h3>
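
Review bot: the renamed `<h3>` ("Integration with Credential Management API") carries no explicit `id`, so if the section anchor is derived from the heading text, existing links to the "Extensions to Credential Management API" section will stop resolving. Consider giving the heading a stable `id` so the rename does not change the fragment.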
@@ -272,6 +272,38 @@ <h3>
The <dfn data-dfn-for="DigitalCredential">data</dfn> member is the
credential's response data.
</p>
<h3>
[[\DiscoverFromExternalSource]](origin, options, sameOriginWithAncestors)
internal method
</h3>
<p>
When invoked, the <dfn class="export" data-dfn-for=
"DigitalCredential">[[\DiscoverFromExternalSource]](origin, options,
sameOriginWithAncestors)</dfn> internal method MUST:
</p>
<ol class="algorithm">
<li>Let |global| be [=this=]'s [=relevant global object=].
</li>
<li>Let |document| be |global|'s [=associated `Document`=].
</li>
<li>If |document| is not a [=Document/fully active descendant of a
top-level traversable with user attention=], [=exception/throw=]
{{"NotAllowedError"}} {{DOMException}}.
</li>
<li>If |window| does not have [=transient activation=],
[=exception/throw=] {{"NotAllowedError"}} {{DOMException}}.
</li>
<li>[=Consume user activation=] of |window|.
</li>
<li>
<aside class="issue">
Details of how to actually get the [=digital credential=] are
forthcoming.
</aside>
</li>
<li>Return a {{DigitalCredential}}.
</li>
</ol>
<h3>
[[\Store]](credential, sameOriginWithAncestors) internal method
</h3>
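
Review bot: steps 4 and 5 of the new algorithm test and consume activation on |window|, but the algorithm only defines |global| and |document|; |window| is never bound. Since the transient activation check is the gate this PR introduces, the variable should be unambiguous: either use |global| in "If |window| does not have [=transient activation=]" and "[=Consume user activation=] of |window|", or add a step that defines |window|. The parameters `origin`, `options` and `sameOriginWithAncestors` are also unused in the visible steps; if that is intentional until the placeholder issue in step 6 is resolved, a note saying so would help readers of the draft.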