The Credential Management API lets a website store and retrieve user, federated, and public key credentials. These capabilities allow users to sign in without typing passwords, see the federated account they used to sign in to a site, and resume a session without the explicit sign-in flow of an expired session.
This API lets websites interact with a user agent’s password system so that websites can deal in a uniform way with site credentials and user agents can provide better assistance with the management of their credentials. For example, user agents have a particularly hard time dealing with federated identity providers or esoteric sign-in mechanisms that use more than just a username and password. To address these problems, the Credential Management API provides ways for a website to store and retrieve different types of credentials. This give users capabilities such as seeing the federated account they used to sign on to a site, or resuming a session without the explicit sign-in flow of an expired session.
This API is restricted to top-level contexts. Calls to
store() within an
<iframe> element will resolve without effect.
Later version of the spec allow credentials to be retrieved from a different subdomain. For example, a password stored in
login.example.com may be used to log in to
www.example.com. To take advantage of this, a password must be explicitly stored by calling
CredentialsContainer.store(). This is sometimes referred to as public suffix list (PSL) matching; however the spec only recommends using PSL to determine the effective scope of a credential. It does not require it. Hence browsers may vary in their implementation.
|Credential Management Level 1||Working Draft||Initial definition.|
|Web Authentication: An API for accessing Public Key Credentials Level 1||Candidate Recommendation||Initial definition.|
We're converting our compatibility data into a machine-readable JSON format. This compatibility table still uses the old format, because we haven't yet converted the data it contains. Find out how you can help!
|Feature||Chrome||Firefox (Gecko)||Internet Explorer||Opera||Safari (WebKit)|
|Basic support||51||No support||No support||44||No support|
|Subdomain-shared credentials||57||No support||No support||44||No support|
|Web authentication||65||Nightly build||No support||No support||No support|
|Feature||Android Webview||Chrome for Android||Firefox Mobile (Gecko)||Firefox OS||IE Phone||Opera Mobile||Safari Mobile|
|Basic support||51||51||No support||No support||No support||44||No support|
|Subdomain-shared credentials||57||57||No support||No support||No support||44||No support|
|Web authentication||No support||No support||No support||No support||No support||No support||No support|
 Behind the chrome://flags#enable-webauthentication flag. (This only works as a link in Chrome.)
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.