Re: SPC on Chrome Android available for developer testing from Stephen McGruer on 2022-11-10 (public-payments-wg@w3.org from November 2022)

From: Stephen McGruer <smcgruer@google.com>
Date: Thu, 10 Nov 2022 13:23:28 -0500
To: Web Payments Working Group <public-payments-wg@w3.org>
Message-ID: <CADY3Mad6rcy25vy6XaZz-utNC215=hcxgagAsX2km_6nCH8eZA@mail.gmail.com>

Hey folks,

Looping back on this thread - we have now enabled SPC for Chrome Android by
default. It is available in Chrome Canary
<https://play.google.com/store/apps/details?id=com.chrome.canary&hl=en_CA&gl=US>
as
of today, and should release* in Chrome M109, which goes to Beta
<https://play.google.com/store/apps/details?id=com.chrome.beta&hl=en_CA&gl=US>
in
early December and Stable in early January. Deltas from my previous message
to this list:

   1. Android OS still does not support discoverable credentials to my
   knowledge. Use 'residentKey: preferred' (rather than required) in
   credential creation code (example
   <https://github.com/rsolomakhin/rsolomakhin.github.io/blob/master/pr/spc_util.js#L36>
   ).
   2. SPC on Chrome Android now uses credential store APIs!
      - One neat side-effect is that 'normal' WebAuthn credentials (i.e.,
      created without the SPC payment extension) still work for SPC in a
      first-party context. (Demo
      <https://rsolomakhin.github.io/pr/spc-1p-payment/>).
   3. The experimental opt-out feature is now supported for SPC on Chrome
   Android (demo <https://rsolomakhin.github.io/pr/spc-opt-out/>).

Please feel free to give it a try; feedback and/or bug reports welcome as
always :)

- Stephen

* Barring any unforeseen circumstances!

On Thu, 25 Aug 2022 at 09:28, Stephen McGruer <smcgruer@google.com> wrote:

> Hi folks,
>
> I'm excited to announce that as of Chrome Canary version 107.0.5258.0, it
> is now (once more) possible to test SPC on Chrome Android locally on your
> device.
>
> To try it out, install Chrome Canary on your Android device, and visit
> chrome://flags#enable-secure-payment-confirmation-android . Set the flag to
> 'Enabled' and choose to re-launch. After this, you can visit
> https://rsolomakhin.github.io/ or https://spc-shop-demo.glitch.me/ and
> try out our demos - or build your own!
>
> Important caveats:
>
>    1. Android does not support discoverable credentials at this time. As
>    such, you have to use 'residentKey: preferred' (rather than required) in
>    your credential creation code (example
>    <https://github.com/rsolomakhin/rsolomakhin.github.io/blob/master/pr/spc/pr.js#L193>
>    ).
>       - Setting 'preferred' for an SPC credential will only work for
>       Chrome versions M106 and above and *will throw* in older versions -
>       so if you are editing any of your own pilots/demos please make sure to
>       version-detect it.
>    2. At this time, SPC on Chrome Android is still using the user profile
>    database for credential storage, identical to desktop Chrome. However we do
>    not intend to launch this way - we are building support for SPC into the
>    Android credential store APIs and will switch to using that in the future
>    (before launch).
>    3. We do not yet support the (also experimental) opt-out feature on
>    SPC for Chrome Android. Working on it!
>    4. This functionality is very experimental. It may break or have
>    adverse effects on your device that we haven't considered yet. *Use at
>    your own risk*, and do not expect any credentials created for it to
>    work in future releases.
>
> Feedback welcome, as always. Note that we do not have a target
> date/milestone for a Chrome Android launch at this time, as it will depend
> significantly on the underlying credential store work.
>
> Thanks,
> Stephen
>
> --
> smcgruer • he / him
>


-- 
smcgruer • he / him

Received on Thursday, 10 November 2022 18:23:52 UTC