Add a guide page on credential types #33745

wbamberg · 2024-05-24T18:42:59Z

This PR adds a new page that's an overview guide to the different credential types supported in the Credential Management API.

@hamishwillee , @chrisdavidmills , perhaps you are interested in looking at it?

* upstream/main: (55 commits) Replace `.` with `#` in example given selectors are `#ids` (mdn#33791) update info in cross browser testing strategies (mdn#33730) Clarify that `navigator.storage.persist()` depends on heuristics (mdn#33780) fix typo (mdn#33785) feat: improvements on Glossary/Hoisting (mdn#33787) CSS update: overview of shapes guide (mdn#33771) CSS update: Shapes from box values (mdn#33770) Fix issue 033506: correct droppedEntriesCount (mdn#33538) Revert "=== Symbol("foo")" (mdn#33782) docs(css): FF126 - Support for `shape()` function (mdn#33446) Bump lint-staged from 15.2.4 to 15.2.5 (mdn#33777) Bump ajv from 8.13.0 to 8.14.0 (mdn#33776) Add missing spaces for `subtlecrypto` (mdn#33774) fix: typo in `color_and_luminca` (mdn#33775) feat: improvments on gutters (mdn#33751) FF127Relnote- data: and javascript: URLS forbidden in base HREF (mdn#33738) update the content of SVG `<view>` element (mdn#33710) Clipboard.write() - log and fixes (mdn#33769) updated ClipboardItem and Clipboard documentation and examples using … (mdn#33262) Fix error in the code snippet for Symbol (mdn#33765) ...

chrisdavidmills

@wbamberg nice work! I've had a look at it, and provided mostly text comments. The explanations of the APIs are nicely written, and mostly make sense.

files/en-us/web/api/credential_management_api/credential_types/index.md

chrisdavidmills · 2024-05-30T06:52:38Z

files/en-us/web/api/credential_management_api/credential_types/index.md

+
+> **Note:** Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in the password manager, and can automatically retrieve stored passwords to autofill [password input elements](/en-US/docs/Web/HTML/Element/input/password).
+
+Modern browsers provide users with a password manager, which enables users to store the passwords they enter on websites, and later retrieve them when they need to log in again. Password managers can help with password security by remembering passwords for users and autofilling them, which allows users to choose stronger passwords.


...and also not create security risks by writing them down?

I think it's overall better practice to have strong unique passwords and write them down somewhere than to have simple enough passwords that they can be remembered: https://www.schneier.com/blog/archives/2005/06/write_down_your.html.

I agree with this, but even so, it is better for security to not have to write them down at all, regardless of how strong or weak they are.

That said, I will leave it up to you whether you add it. I don't think it is that important to the narrative that I'm going to die on this hill ;-)

files/en-us/web/api/credential_management_api/credential_types/index.md

files/en-us/web/api/credential_management_api/index.md

Co-authored-by: Chris Mills <[email protected]>

files/en-us/web/api/credential_management_api/index.md

files/en-us/web/api/credential_management_api/credential_types/index.md

hamishwillee · 2024-05-31T00:43:18Z

files/en-us/web/api/credential_management_api/credential_types/index.md

+
+## Passwords
+
+> **Note:** Most browsers do not support this credential type and it is not widely used on the web. Instead, browsers automatically offer to store passwords in a password manager, and can automatically retrieve stored passwords to autofill [password input elements](/en-US/docs/Web/HTML/Element/input/password).


So just to be clear the browser automatically stores credential types when needed/requested, and autofills forms or whatever, while the credential API just stores and gets credentials, but all the work for doing this and for populating forms has to be done by the developer?

If so, I wonder why any browser/site has implemented this.

Perhaps make first automatically italic.

Well I'm not sure, I only learned last week or so that this API isn't really used, because neither MDN nor web.dev say anything about that. One thing you can do with CM, that the browser won't do for you, is sign people in automatically. I suppose in general gives you much more control over how sign-in happens.

As it is now the whole rationale is a bit wishy washy, but I'd say this is more than good enough for the current PR. We can find out more in a follow on.

files/en-us/web/api/credential_management_api/credential_types/index.md

hamishwillee · 2024-05-31T01:03:33Z

Love it. Just a few suggestions.

github-actions · 2024-06-03T17:43:35Z

Preview URLs

External URLs (7)

URL: /en-US/docs/Web/API/Credential_Management_API/Credential_types
Title: Credential types

https://en.wikipedia.org/wiki/Touch_ID (1 time) (Note! This may be a new URL 👀)
https://en.wikipedia.org/wiki/Windows_10 (1 time) (Note! This may be a new URL 👀)
https://en.wikipedia.org/wiki/YubiKey (1 time) (Note! This may be a new URL 👀)
https://fedidcg.github.io/FedCM/ (1 time) (Note! This may be a new URL 👀)
https://w3c.github.io/webappsec-credential-management/ (1 time) (Note! This may be a new URL 👀)
https://w3c.github.io/webauthn/ (1 time) (Note! This may be a new URL 👀)
https://wicg.github.io/web-otp/ (1 time) (Note! This may be a new URL 👀)

(comment last updated: 2024-06-03 18:17:41)

…/index.md Co-authored-by: Hamish Willee <[email protected]>

…is deprecated

…/index.md Co-authored-by: Hamish Willee <[email protected]>

Co-authored-by: Hamish Willee <[email protected]>

files/en-us/web/api/credential_management_api/index.md

wbamberg · 2024-06-03T18:21:00Z

OK, I think I'm done with updates to this PR, please take another look :).

hamishwillee

I am very happy with the fixes and whole doc.

I would merge, but not sure if @chrisdavidmills has had his final look.

chrisdavidmills

This is excellent, lovely work, @wbamberg!

Let's dooooo it!

wbamberg · 2024-06-04T15:19:24Z

🎉 thank you both!

Add a draft section on credential types

36cfd8d

github-actions bot added Content:WebAPI Web API docs size/m [PR only] 51-500 LoC changed labels May 24, 2024

wbamberg added 2 commits May 27, 2024 21:36

Credential types guide page

7d146fe

wbamberg changed the title ~~Add a draft section on credential types~~ Add a guide page on credential types May 28, 2024

wbamberg marked this pull request as ready for review May 28, 2024 17:15

wbamberg requested review from a team as code owners May 28, 2024 17:15

wbamberg requested review from Elchi3 and dipikabh and removed request for a team May 28, 2024 17:15

wbamberg added 2 commits May 28, 2024 10:48

Trim duplicated content from guide

afe9139

Merge branch 'main' into add-credential-types

082f219

wbamberg requested review from chrisdavidmills and hamishwillee and removed request for Elchi3 and dipikabh May 29, 2024 15:59

chrisdavidmills requested changes May 30, 2024

View reviewed changes

wbamberg and others added 4 commits May 30, 2024 08:56

Apply suggestions from code review

26d3944

Co-authored-by: Chris Mills <[email protected]>

Add SMS server to OTP diagram

1fabf74

Be explicit about mapping between types and interfaces

a82cec8

Try a table for credential types

13cde57

wbamberg requested a review from chrisdavidmills May 30, 2024 17:31