-
Notifications
You must be signed in to change notification settings - Fork 22.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add a guide page on credential types #33745
Conversation
* upstream/main: (55 commits) Replace `.` with `#` in example given selectors are `#ids` (mdn#33791) update info in cross browser testing strategies (mdn#33730) Clarify that `navigator.storage.persist()` depends on heuristics (mdn#33780) fix typo (mdn#33785) feat: improvements on Glossary/Hoisting (mdn#33787) CSS update: overview of shapes guide (mdn#33771) CSS update: Shapes from box values (mdn#33770) Fix issue 033506: correct droppedEntriesCount (mdn#33538) Revert "=== Symbol("foo")" (mdn#33782) docs(css): FF126 - Support for `shape()` function (mdn#33446) Bump lint-staged from 15.2.4 to 15.2.5 (mdn#33777) Bump ajv from 8.13.0 to 8.14.0 (mdn#33776) Add missing spaces for `subtlecrypto` (mdn#33774) fix: typo in `color_and_luminca` (mdn#33775) feat: improvments on gutters (mdn#33751) FF127Relnote- data: and javascript: URLS forbidden in base HREF (mdn#33738) update the content of SVG `<view>` element (mdn#33710) Clipboard.write() - log and fixes (mdn#33769) updated ClipboardItem and Clipboard documentation and examples using … (mdn#33262) Fix error in the code snippet for Symbol (mdn#33765) ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@wbamberg nice work! I've had a look at it, and provided mostly text comments. The explanations of the APIs are nicely written, and mostly make sense.
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
|
||
> **Note:** Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in the password manager, and can automatically retrieve stored passwords to autofill [password input elements](/en-US/docs/Web/HTML/Element/input/password). | ||
|
||
Modern browsers provide users with a password manager, which enables users to store the passwords they enter on websites, and later retrieve them when they need to log in again. Password managers can help with password security by remembering passwords for users and autofilling them, which allows users to choose stronger passwords. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
...and also not create security risks by writing them down?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's overall better practice to have strong unique passwords and write them down somewhere than to have simple enough passwords that they can be remembered: https://www.schneier.com/blog/archives/2005/06/write_down_your.html.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with this, but even so, it is better for security to not have to write them down at all, regardless of how strong or weak they are.
That said, I will leave it up to you whether you add it. I don't think it is that important to the narrative that I'm going to die on this hill ;-)
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Chris Mills <chrisdavidmills@gmail.com>
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
|
||
## Passwords | ||
|
||
> **Note:** Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in a password manager, and can automatically retrieve stored passwords to autofill [password input elements](/en-US/docs/Web/HTML/Element/input/password). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So just to be clear the browser automatically stores credential types when needed/requested, and autofills forms or whatever, while the credential API just stores and gets credentials, but all the work for doing this and for populating forms has to be done by the developer?
If so, I wonder why any browser/site has implemented this.
Perhaps make first automatically italic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well I'm not sure, I only learned last week or so that this API isn't really used, because neither MDN nor web.dev say anything about that. One thing you can do with CM, that the browser won't do for you, is sign people in automatically. I suppose in general gives you much more control over how sign-in happens.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As it is now the whole rationale is a bit wishy washy, but I'd say this is more than good enough for the current PR. We can find out more in a follow on.
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
files/en-us/web/api/credential_management_api/credential_types/index.md
Outdated
Show resolved
Hide resolved
Love it. Just a few suggestions. |
Preview URLs
External URLs (7)URL:
(comment last updated: 2024-06-03 18:17:41) |
…/index.md Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
…/index.md Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
…/index.md Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
…/index.md Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
Co-authored-by: Hamish Willee <hamishwillee@gmail.com>
OK, I think I'm done with updates to this PR, please take another look :). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am very happy with the fixes and whole doc.
I would merge, but not sure if @chrisdavidmills has had his final look.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is excellent, lovely work, @wbamberg!
Let's dooooo it!
🎉 thank you both! |
This PR adds a new page that's an overview guide to the different credential types supported in the Credential Management API.
@hamishwillee , @chrisdavidmills , perhaps you are interested in looking at it?