You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm requested a formal standards position on the ability to create a credential in a cross-origin iframe in WebAuthn. This was added to the spec in w3c/webauthn#1801, after having been discussed in w3c/webauthn#1656 as well as in WebAuthn Working Group meetings.
This feature allows web developers to create WebAuthn credentials (that is, "publickey" credentials, aka passkeys) in cross-origin iframes. This will allow developers to create passkeys in embedded scenarios, such as after an identity step-up flow where the Relying Party is providing a federated identity experience. Two conditions are required for this new ability, for security reasons:
The iframe has a publickey-credentials-create-feature permission policy.
The iframe has transient user activation.
The text was updated successfully, but these errors were encountered:
WebKittens
No response
Title of the spec
WebAuthn: allow for credential creation in a cross-origin iframe
URL to the spec
https://w3c.github.io/webauthn/#publickey-credentials-create-feature
URL to the spec's repository
https://github.com/w3c/webauthn
Issue Tracker URL
No response
Explainer URL
No response
TAG Design Review URL
No response
Mozilla standards-positions issue URL
No response
WebKit Bugzilla URL
No response
Radar URL
No response
Description
Hi WebKittens :)
I'm requested a formal standards position on the ability to create a credential in a cross-origin iframe in WebAuthn. This was added to the spec in w3c/webauthn#1801, after having been discussed in w3c/webauthn#1656 as well as in WebAuthn Working Group meetings.
This feature allows web developers to create WebAuthn credentials (that is, "publickey" credentials, aka passkeys) in cross-origin iframes. This will allow developers to create passkeys in embedded scenarios, such as after an identity step-up flow where the Relying Party is providing a federated identity experience. Two conditions are required for this new ability, for security reasons:
The text was updated successfully, but these errors were encountered: