@celeron55
Last active October 10, 2015 13:29

Unified Website Login API for Password Managers

Version 0.1 by celeron55, 2015-10-10, RFC

An API that relieves browser-integrated password managers from having to understand complex JavaScript-based forms.

UWLAPI

Each website that supports the Unified Website Login API provides this global object.

Websites are identified by methods already in use by password managers - i.e. protocols, domains and path names.

UWLAPI.login(username, password, callback)

username: Username, email or whatever the website uses to distinguish users. A corresponding field is commonly found in password managers.

password: Password, passphrase or some other secret string the website requires to let the user identified by username log in. A corresponding field is commonly found in password managers.

callback: Callback for returning the result of the operation. It is called as function(err).

When logging in is possible, this must be provided by the website. A human-usable login form should be available at the same time.

Must be left undefined when logging in to the website is not possible.

When called, the website should authenticate the user by e.g. a secure AJAX call.

When the login fails, callback(err) is called, with err set to an object. err.toString() should return something that makes sense in English. (TBD: Localizable error codes)

When the login succeeds, the site can opt to do one or both of two things:

  • Redirect to another page. This forces the user software to re-check the login status of the website and if the login succeeded, it will behave appropriately.

  • Call callback(null). This indicates the user is now successfully logged in.

UWLAPI.current

Optional.

If a user is currently logged in, this is the username of the user.

If nobody is currently logged in, this is null.

If the website does not implement the current functionality or does not want to show who is logged in at the moment, this is undefined.
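The password-manager side of UWLAPI.login and UWLAPI.current, as an added example that is not part of the original gist. tryUwlLogin, makeDemoSite, the entry/page object shapes and the status strings are hypothetical names, and comparing origins (protocol plus host) before releasing the password is an assumption about how the manager identifies the site.

```javascript
// Constructed stand-in for a site's global UWLAPI object. A real site would
// authenticate with a secure AJAX call instead of comparing strings.
function makeDemoSite(canLogin) {
  const api = { current: null };
  if (canLogin) {
    api.login = (username, password, callback) => {
      if (username === 'alice' && password === 'correct horse') {
        api.current = username;
        callback(null);
      } else {
        callback(new Error('Invalid username or password'));
      }
    };
  }
  return api;
}

// entry: { origin, username, password } as stored by the manager (assumed shape).
// page:  { origin, UWLAPI } as seen in the current tab (assumed shape).
// done(status, detail) reports the outcome at most once.
function tryUwlLogin(entry, page, done) {
  // The password is handed to page script, so release it only to the
  // site the entry was saved for.
  if (page.origin !== entry.origin) return done('origin-mismatch');
  const api = page.UWLAPI;
  // login is left undefined when logging in is not possible.
  if (!api || typeof api.login !== 'function') return done('unsupported');
  // current: string = logged in, null = nobody, undefined = not implemented.
  if (typeof api.current === 'string') return done('already-logged-in', api.current);
  let settled = false;
  api.login(entry.username, entry.password, (err) => {
    if (settled) return; // ignore a callback that fires more than once
    settled = true;
    if (err) return done('failed', String(err)); // err.toString() is readable English
    done('ok', entry.username);
  });
  // If the site redirects instead of calling back, done() never fires here;
  // the manager re-checks UWLAPI.current on the page that loads next.
}
```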

UWLManager

Optional.

May be provided by a password manager.

UWLManager.register(username, password)

If available, can be called by a website when registering a new user or changing a password.

Asks the current password manager to store a username-password combination.

The password manager should ask for permission from the user to avoid unwanted saving of the username and password.

@celeron55
Author

Maybe the website could optionally allow changing passwords with something like UWLAPI.changePassword(username, oldPassword, newPassword, callback).
