Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.

Motivation

The WebOTP API gives developers the ability to programmatically read one time codes from specially-formatted SMSes addressed to their origin to reduce user friction. Many sites embed iframes that handle authentication for them. We propose to support the API in cross-origin iframes to address feature requests from the web developer community (e.g. Shopify, iCloud) and improve interoperability.

Demo

Documentation

Specification

Editor's draft

Status in Chromium

Blink


Enabled by default (tracking bug) in:

  • Chrome for Android release 91

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Negative
  • No signal
  • Neutral
  • Positive

Owners

Search tags

webotp, web otp,

Last updated on 2021-04-14