It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Webauthn: Support of Related Origin Requests?
I am currently working on implementing Passkey authentication based on https://github.com/w3c/webauthn/wiki/Explainer:-Related-origin-requests. Chromium and Safari seem to support this feature. With ...
1P_Dave
Moderator
ModeratorI don't have any progress to share at the moment, the feature request is still open in our backlog and our team is monitoring website support for this feature in order to prioritize it accordingly in the future.
Are you building a website yourself that uses Related Origin Requests? Or have you run into websites that use it? I'd like to add your use case to the feature request to provide more details for our product team.
-Dave
I work in a project that uses Related Origin Requests.
We have the following URLs:
- https://identity.internetcomputer.org/
- https://identity.ic0.app/
- https://id.ai/
We were able to use iframes instead of ROR to get the credentials. But now we'd like to keep all credentials in one domain. Therefore, we would need to set the RP ID when creating the credential. That works well for iCloud and Google Password Manager, but not for 1Password, which means that we will be forced to open a new window for those users.
How far away is that in your roadmap?
Thanks!
- 1P_Dave
Thank you for detailing your use case! While I can't share any dates on when support for Related Origin Requests may be added, I've filed a feature request on your behalf so that our product team knows that this is something that your users need.
-Dave
PB-49566284
I may add some details as well and hope this adds some velocity :)
As llorenc , we chose to create our passkeys under a single central domain for all our brands, which collectively have seven to eight figures of active accounts. The solution is already live, and so far we are very satisfied with it, especially since the majority of our users access our services via Chromium-based browsers or Safari anyway.
Webauthn Level 3 is currently close to be an official CR (https://github.com/w3c/webauthn/milestone/32).
-D
What do you create passkeys for 1Password users? We are planning on opening a new tab.
And how do you identify 1Password users? We check whether the `navigator.credentials.get` is native code or not. What do you do?Thanks!
