Adds support for WebOTP API calls from cross-origin iframes if enabled by a permission policy.

Motivation

The WebOTP API gives developers the ability to programmatically read one time codes from specially-formatted SMSes addressed to their origin to reduce user friction. Many sites embed iframes that handle authentication for them. We propose to support the API in cross-origin iframes to address feature requests from the web developer community (e.g. Shopify, iCloud) and improve interoperability.

Demo

• https://output.jsbin.com/gilusuq/quiet

Documentation

• https://docs.google.com/document/d/14ywccbPExCt3wOEvGecIVK_dNbCWSRdS73PFWjNEHXA/edit?usp=sharing&resourcekey=0-F7caH35aXeHNwPoEB7Y-sw

Specification

Editor's draft

Status in Chromium

Blink components: Blink

In developer trial (Behind a flag) (tracking bug) in:

• Chrome for Android release 91

Consensus & Standardization

• Firefox: No signal
• Edge: No signal
• Safari: No signal
• Web Developers: No signals

Owners

• yigu@chromium.org
• goto@chromium.org

Search tags

Last updated on 2021-02-16