This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The Credential Management API lets a website store and retrieve both user and federated credentials. These capabilities allow users to sign in without typing passwords, see the federated account they used to sign in to a site, and resume a session without the explicit sign-in flow of an expired session.
This API lets websites interact with a user agent’s password system so that websites can deal in a uniform way with site credentials and user agents can provide better assistance with the management of their credentials. For example, user agents have a particularly hard time dealing with federated identity providers or esoteric sign-in mechanisms that use more than just a username and password. To address these problems, the Credential Management API provides ways for a website to store and retrieve different types of password credentials. This give users capabilities such as seeing the federated account they used to sign on to a site, or resuming a session without the explicit sign-in flow of an expired session.
This API is restricted to top-level contexts. Calls to get()
and store()
within an <iframe>
element will resolve without effect.
The init
parameter of the fetch
event has a property called credentials
. In browsers that support the Credential Management API, this property has been enhanced to take a credential object (either FederatedCredential
or PasswordCredential
).
Later version of the spec allow credentials to be retrieved from a different subdomain. For example, a password stored in login.example.com
may be used to log in to www.example.com
. To take advantage of this, a password must be explicitly stored by calling CredentialsContainer.stored()
. This is sometimes referred to as public suffix list (PSL) matching; however the spec only recommends using PSL to determine the effective scope of a credential. It does not require it. Hence browsers may vary in their implementation.
Credential
CredentialsContainer
Navigator.credentials
.FederatedCredential
PasswordCredential
Specification | Status | Comment |
---|---|---|
Credential Management Level 1 | Editor's Draft | Initial definition. |
Feature | Chrome | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
---|---|---|---|---|---|
Basic support | 51 | No support | No support | 44 | No support |
Subdomain-shared credentials | 57 | No support | No support | 44 | No support |
Feature | Android Webview | Chrome for Android | Firefox Mobile (Gecko) | Firefox OS | IE Phone | Opera Mobile | Safari Mobile |
---|---|---|---|---|---|---|---|
Basic support | 51 | 51 | No support | No support | No support | 44 | No support |
Subdomain-shared credentials | 57 | 57 | No support | No support | No support | 44 | No support |
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Credential_Management_API