credential-handler / authn.io

Credential Mediator Polyfill
https://github.com/w3c-ccg/credential-handler-api

Try to always use localStorage / IndexedDB in 1p storage #110

Open dlongley opened 2 years ago

dlongley commented 2 years ago

In order to achieve backwards compatibility in the latest upgrade, we had to leave cookie-based storage in place for browsers that previously stored registrations / hints in 3rd party storage (where only cookies were available).

Now that we've completed the move from 3rd party storage to 1st party storage and have deprecated the hints and registrations API, we should move to stop using cookies entirely when the mediator loads in 1st party windows. Using localStorage / IndexedDB will give us more consistent behavior across browsers and better storage and persistence support. IndexedDB is perhaps available in all major browsers now.

We should implement a new mediator upgrade that will convert existing hints / registrations in 1p cookie storage to IndexedDB. At the same time, we can drastically simplify our IndexedDB database layouts. In the past we needed to create multiple databases, one per origin, to store various hints, etc. (not to mention mixing localStorage + IndexedDB support).

Now that hints and registrations have been eliminated, we can simplify to a single database of the latest credential_handler information loaded from manifest.json files. The next significant mediator upgrade should have backwards compatibility code to migrate existing data to a newer, cleaner database design and better storage mechanisms.

dlongley commented 1 year ago

Quoted from the other duplicate issue (#120):

It's unclear what kind of storage is available in private browsing mode across browsers. Ideally, we can remove all cookie-based storage in all cases.

For non-private browsing modes:

  • First party mode: All modern browsers have IndexedDB and we should use that with a new, simple database layout vs. the legacy layout that's been used to support a variety of storage backends.
  • Third party mode: Chrome is the only browser still using third party mode and it supported IndexedDB, so it should be used.

For private browsing modes:

  • First party mode: Always use this mode, regardless of browser. Determine if all modern browsers support IndexedDB (whether it be backed by memory store or whatever, so long as it works as long as the same private session / window is in use).
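
One way to make the "determine if IndexedDB works" check from the comments above concrete, as an added example that is not code from the credential-handler project: a round-trip probe that opens a database, writes and reads one value, and reports `false` on any failure so a caller can decide on a fallback. The database name `storage-probe-example`, the store name `kv` and the 2000 ms timeout are assumptions.

```javascript
// Added example: round-trip probe for a usable IndexedDB in this session.
// PROBE_DB, the 'kv' store and the default timeout are illustrative assumptions.
const PROBE_DB = 'storage-probe-example';

function probeIndexedDB(factory = globalThis.indexedDB, timeoutMs = 2000) {
  return new Promise(resolve => {
    let settled = false;
    let timer = null;
    const finish = ok => {
      if (settled) return;
      settled = true;
      clearTimeout(timer);
      resolve(ok);
    };
    // API missing entirely (old browser or non-browser runtime).
    if (!factory || typeof factory.open !== 'function') return finish(false);
    // Guard against an open() request that never settles.
    timer = setTimeout(() => finish(false), timeoutMs);
    let req;
    try {
      req = factory.open(PROBE_DB, 1);
    } catch (e) {
      // open() can throw synchronously (e.g. SecurityError).
      return finish(false);
    }
    req.onerror = req.onblocked = () => finish(false);
    req.onupgradeneeded = () => req.result.createObjectStore('kv');
    req.onsuccess = () => {
      const db = req.result;
      try {
        const tx = db.transaction('kv', 'readwrite');
        const store = tx.objectStore('kv');
        store.put('ok', 'probe');
        const get = store.get('probe');
        // Only trust the backend once the write has committed and read back.
        tx.oncomplete = () => {
          db.close();
          factory.deleteDatabase(PROBE_DB); // leave no probe data behind
          finish(get.result === 'ok');
        };
        tx.onerror = tx.onabort = () => { db.close(); finish(false); };
      } catch (e) {
        db.close();
        finish(false);
      }
    };
  });
}
```

The probe only shows that storage works within the current session; whether data survives beyond a private window still has to be checked per browser.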