- From: Stephen McGruer <smcgruer@google.com>
- Date: Fri, 13 Jan 2023 09:08:30 -0500
- To: Web Payments Working Group <public-payments-wg@w3.org>
- Message-ID: <CADY3MaeO026wdO_VtOePe_4mtR5oRdaAbg4f2hVAQqwRbBrpdQ@mail.gmail.com>
Hey folks, As you may recall, the working group resolved in issue 191 <https://github.com/w3c/secure-payment-confirmation/issues/191> to rename the 'rp' parameter in the output CollectedClientAdditionalPaymentData <https://w3c.github.io/secure-payment-confirmation/#sctn-collectedclientadditionalpaymentdata-dictionary> cryptogram dictionary to 'rpId', in order to align with WebAuthn. On the implementation side, we added 'rpId' to the dictionary in Chrome M107 (reached Stable channel on Oct 25, 2022), and we are now preparing to remove the old 'rp' field <https://groups.google.com/u/1/a/chromium.org/g/blink-dev/c/_KGnT-jJyPA> in M113 (will reach Stable channel around Apr 26, 2023). You can preview the new behavior (with the 'rp' field removed) by passing --enable-features=SecurePaymentConfirmationRemoveRpField to Chrome Canary (in any build after this CL <https://chromium-review.googlesource.com/c/chromium/src/+/4143835> has rolled out) *Action required*, if you process SPC-produced cryptograms either in your client or server code: instead of reading 'rp' from the CollectedClientAdditionalPaymentData dictionary, read the 'rpId' field instead. The field contents are identical. This change can be made in your code *today*, and will work for any cryptogram produced by Chrome M107 or newer. Thanks, Stephen -- smcgruer • he / him
Received on Friday, 13 January 2023 14:08:54 UTC