A proposed web standard for verifying email addresses without sending verification emails or leaving the current page. The protocol uses DNS delegation, SD-JWT tokens with key binding, and browser mediation to enable mail domains to delegate verification to an issuer. The browser requests a token from the issuer using authentication cookies, verifies it, and provides it to the web application. This approach enhances privacy by preventing issuers from learning which applications users are accessing, while eliminating the friction of traditional email verification flows that cause user drop-off.
Table of contents
Key ConceptsUser Experience1. Email Request2. Email Selection3. Token Request4. Token Issuance4.5 Error Responses5. Token Presentation6. Token VerificationJS API for Providing the EmailPasskey AuthenticationUse .wellknown for Mail Domain delegation to Issuer2 Comments
Sort: