Currently, if no IdPs registered in the past, the browser reveals to the RP that fact, which could potentially be a breach of the user's privacy.
const credential = await navigator.credentials.get({
identity: {
providers: [{
configURL: "any" // throws if no IdP has called IdentityProvider.register() ahead of time. Should it?
}]
}
});
I'm not sure what the answer is, but I ran into this while testing this, so should be easily reproducible:
Currently, if no IdPs registered in the past, the browser reveals to the RP that fact, which could potentially be a breach of the user's privacy.
I'm not sure what the answer is, but I ran into this while testing this, so should be easily reproducible:
https://x.com/samuelgoto/status/1793776387356340357