The password would be to launch the PWA application. If the password was successful, the PWA would open to the built-in URL of the PWA.
Let’s just use Gmail as an example. Say I created a PWA to launch Gmail. I’d like to password protect the PWA so that someone who sits at my laptop can’t just open Gmail and start reading.
Sure, I could log out of Gmail each time so that they’d have to have the Gmail password, but that’s a lot more work for me.