-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Autocomplete value for username OR user email address #4445
Comments
For example, Chromium has official advice for an “email-first” login flow. Its examples are… not very intuitive, which suggests that there isn’t an elegant way to implement this common login pattern using the current <style>
#emailfield { display: none; }
</style>
<form id="login" action="login.php" method="post">
<input id="emailfield" type="text" value="me@example.test" autocomplete="username">
<input type="password" autocomplete="current-password">
<input type="submit" value="Sign In!">
</form> |
The intent of the spec is that you can indeed have a username that happens to be of the form x@y.com. So using autocomplete=username makes sense. We can add a clarifying note. |
Oh, excellent. Something like “the user identifier part of a login, usually a username, but also possibly an email address or ID number”? (My bank uses the latter) |
I'm not a big fan of phrasing which implies that usernames are distinct from email addresses or ID numbers. I'd rather talk about how usernames come in many forms, sometimes with @ signs in the middle, sometimes all-numeric, etc. |
Gotcha. And in the case of needing to disambiguate a username specifically, like in a signup form, that’s a job for |
I don't know what you mean by "username specifically". If you mean "a username which does not allow numbers or @ signs", that seems like a job for |
Sorry for being unclear. I mean something like the screen name, like how you have |
Right. That's a username too. |
So for something like this:
Is |
It is not correct. You should use |
Gotcha. I don’t think I understand the philosophy perfectly, so I can’t offer a sample note, but I definitely would appreciate a clarifying note. |
@domenic the way nickname is defined could probably use some clarification too then; "screen name" and "handle" makes it sound like it could be your IRC nick. (I also suspect it shouldn't matter as long as you're consistent within your site, but if the user has consistent usernames across sites, it might help if all sites used the same convention.) |
Possibly relevant: Google Chrome’s dev console says this when encountering a login field without an
Is this dual-token approach compatible with your advice? |
That does not match the requirements for an autofill detail token so that's rather bad if Chrome indeed supports that: https://html.spec.whatwg.org/#autofill-detail-tokens. |
It’s even worse that they suggest it, then. Should I open a Chrome bug, or is this the sort of minor issue that requires a Googler to get on the radar? |
@tigt please file a bug and (maybe) cross-link it. Would definitely be good to know if they don't follow the standard at all intentionally or if this was an oversight in the messaging. |
Issue raised at Chrome bug #973,162. |
Thanks for raising this. I took a quick glance at the code and as far as I can see, Chrome would not interpret this correctly. We parse autocomplete attributes in two locations and both look for something that is more aligned with the spec. |
Chrome's change has landed. https://bugs.chromium.org/p/chromium/issues/detail?id=973162#c13 |
Great! So the main outstanding thing here is clarifying nickname I think: #4445 (comment). |
How about a note such as:
I don’t quite know how to word the disambiguation between Lastly, do you think a sample login/signup form would be a good example for this part of the spec? It would have answered my question immediately, at least. |
A note, and an example, sounds great to me! A pull request would be most welcome. The example for "nickname" (Tim) vs. "username" (timbl) seems to make the intent fairly clear. For example, in Slack, my nickname (they call it "Display name") is "Domenic", whereas my username is d@domenic.me, and my name is "Domenic Denicola". |
coming in late, but: while you may not be a big fan of the phrasing, there are indeed sites out there in the wild that do make that distinction themselves - your account has a defined username, plus a separate email address, but they let you log in using either one. some sites even go further and allow you to enter other "unique" (arguable) pieces of information...as an example, twitter's login currently has the first field allowing phone, email and username. it would be nice to have a way to express the fact that a field can take various different (but equally valid) pieces of autocomplete/autofill content |
Sure. In that case they would use both username and email autofill. My comment is specifically designed to clear up the confusion where some people though that they couldn't use "username" autofill when the username might contain an @ sign. |
@domenic you cannot use both at the moment. |
I was just stating that if
then those two fields would each use the appropriate autofill token. |
I see @domenic’s point that
Is there a way to express a hint for this useful (to me, anyway) behavior? |
I don't think there is and that would require adding support for multiple values somehow |
@annevk: After thinking about it, my use-case seems like it happens more for a sign-up form, which in the wild seem to be perfectly fine with multiple (sometimes optional) input fields, like so: <input autocomplete=username required>
<input type=email required>
<input type=tel> That said, my original use-case is valid for the case of shared devices/browsers with only partially-remembered information (autofill from OS knowledge, for example). If this ever comes up again, comma-separating |
For best results with current browsers (mostly referring to Firefox and Chrome),
Btw. I would prefer that we suggest that
Having to differentiate |
Could this be added to the documentation? I think having a field that accepts any of username, email, phone as an identifier in a login form is common enough to warrant some guidance. |
@micDropper I’d be happy with that — my specific words on blocked on bureaucracy, so I can’t legally submit them yet. |
Many login forms accept a username or email address to log in with. For example, GitHub’s login page:
I’m implementing a login form that does exactly this, but the spec doesn’t seem to address how to mark this up.
Should there be a value for the
autocomplete
attribute for this use-case, likeautocomplete="username-or-email"
?If a browser/password manager already has a username stored, but its heuristics would otherwise identify the first field as the user’s email, the
autocomplete
value could help disambiguate that either are acceptable, avoiding prompting the user. This also applies if the user’s email is already known, but the heuristics misfire in the opposite direction.Software could autosuggest (like how mobile keyboards do) a known user email even without an explicit
<input type="email">
orinputmode="email"
. These attributes could have consequences since HTML form validation is not powerful enough for “either text or a valid email”.If the existing
autocomplete=username
value is sufficient for this use-case, depending on how you interpret what a “username” is, it would be nice to have a note in the spec saying so.The text was updated successfully, but these errors were encountered: