WebAuthn: Allow for credential creation in a cross-origin iframe #304
Assignees
Comments
|
@pascoej @rmondello, do either of you have opinions? |
|
Is there any way to detect support without calling |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WebKittens
No response
Title of the spec
WebAuthn: allow for credential creation in a cross-origin iframe
URL to the spec
https://w3c.github.io/webauthn/#publickey-credentials-create-feature
URL to the spec's repository
https://github.com/w3c/webauthn
Issue Tracker URL
No response
Explainer URL
No response
TAG Design Review URL
No response
Mozilla standards-positions issue URL
No response
WebKit Bugzilla URL
No response
Radar URL
No response
Description
Hi WebKittens :)
I'm requested a formal standards position on the ability to create a credential in a cross-origin iframe in WebAuthn. This was added to the spec in w3c/webauthn#1801, after having been discussed in w3c/webauthn#1656 as well as in WebAuthn Working Group meetings.
This feature allows web developers to create WebAuthn credentials (that is, "publickey" credentials, aka passkeys) in cross-origin iframes. This will allow developers to create passkeys in embedded scenarios, such as after an identity step-up flow where the Relying Party is providing a federated identity experience. Two conditions are required for this new ability, for security reasons:
The text was updated successfully, but these errors were encountered: