New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 707900 link

Starred by 4 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 2
Type: Feature



Sign in to add a comment

Add extension hooks for credential management API

Reported by ptoom...@gmail.com, Apr 3 2017

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36

Steps to reproduce the problem:
1. Developer adds support for the credential management API to an application.
2. Developer cries (a little) when the feature only supports Chrome's built-in password manager.

What is the expected behavior?
Credential management API is exposed as a first class extension API.

What went wrong?
The credential management API is not accessible by extensions natively. Many users make use of third-party password managers and they all currently rely on various means of injecting JavaScript into the page to automatically fill out some element in the DOM. The credential management API brings a lot of sanity to this class of problem, and prevents plaintext creds from ever making their way into the DOM. But, unfortunately, the credential management API only accesses Chrome's built-in password store. It would be great to make it possible for extensions to register themselves as the preferred credential manager. So, when an application's own JS calls `credentials.get()`, the browser could delegate this request to an extension. 

Did this work before? No 

Does this work in other browsers? N/A

Chrome version: 57.0.2987.133 (Official Build) (64-bit)  Channel: stable
OS Version: OS X 10.12.3
Flash Version: 

This is more of a feature request. I'm not sure if this is the best "component", but I figure it is close and Mike West can move it wherever it is best to keep track of such things.
 
Labels: Needs-Triage-M57

Comment 2 by mkwst@chromium.org, Apr 5 2017

Cc: vabr@chromium.org rdevlin....@chromium.org battre@chromium.org
Components: -Blink>SecurityFeature Platform>Extensions>API Blink>SecurityFeature>CredentialManagement
Labels: -Type-Bug OS-Android OS-Chrome OS-Linux OS-Windows Type-Feature
Status: Available (was: Unconfirmed)
I agree that this would be a good thing to add, especially in the context of openyolo (https://github.com/openid/OpenYOLO-Android/blob/master/README.md).

CCing password manager and extensions folks to triage.

Comment 3 by mkwst@chromium.org, Apr 5 2017

Cc: mkwst@chromium.org

Comment 4 by vabr@chromium.org, Apr 6 2017

Cc: vasi...@chromium.org
Adding Vasilii, who leads the CM API implementation.

Comment 5 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 6 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
Cc: -vabr@chromium.org
vabr going hobby only -> reducing involvement.
Please contact me directly in urgent matters.

Sign in to add a comment