Having just started testing FedCM implementation as an RP, I added it to a development variant of my login page by being invoked at page load-time. I was, however, surprised to see this work at first attempt, since I also invoke WebAuthn conditional mediation at page load-time, and since both of those go through navigator.credentials.get, and navigator.redentials.get, as per the CredMan spec, only allows one outstanding call at a time, I was expecting one of them to fail, but neither did.
Of course, I'm not really complaining; I find this to be a good thing, but it makes me wonder if FedCM is compatible with the CredMan spec and whether this will change in the future as the implementation is tightened up. In fact, I filed an issue with WebAuthn about concurrent requests a while ago, so if this is in fact possible, I'd like to let them know. ;)
If this is in fact an implementation miss and is going to be removed in the future, will it be possible to do FedCM authentication and modal WebAuthn on the same page?
Reading CredMan again, I realized it allows one outstanding request per credential type, rather than one request globally, so it wasn't the issue I thought it was. Sorry for the noise!
Having just started testing FedCM implementation as an RP, I added it to a development variant of my login page by being invoked at page load-time. I was, however, surprised to see this work at first attempt, since I also invoke WebAuthn conditional mediation at page load-time, and since both of those go through
navigator.credentials.get
, andnavigator.redentials.get
, as per the CredMan spec, only allows one outstanding call at a time, I was expecting one of them to fail, but neither did.Of course, I'm not really complaining; I find this to be a good thing, but it makes me wonder if FedCM is compatible with the CredMan spec and whether this will change in the future as the implementation is tightened up. In fact, I filed an issue with WebAuthn about concurrent requests a while ago, so if this is in fact possible, I'd like to let them know. ;)
If this is in fact an implementation miss and is going to be removed in the future, will it be possible to do FedCM authentication and modal WebAuthn on the same page?