diff --git a/spec/index.bs b/spec/index.bs index 9ee1e37f..3335e97f 100644 --- a/spec/index.bs +++ b/spec/index.bs @@ -860,6 +860,12 @@ the exception thrown. {{IdentityProviderAccount/domain_hints}} does not [=list/contain=] |provider|'s {{IdentityProviderRequestOptions/domainHint}}. 1. If |accountList| is now empty, go to the [=mismatch dialog step=]. + 1. If |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}} + was specified: + 1. For every |account| in |accountList|, remove |account| from |accountList| if |account|'s + {{IdentityProviderAccount/labels}} does not [=list/contain=] + |config|.{{IdentityProviderAPIConfig/accounts}}.{{IdentityProviderLabelConfig/include}}. + 1. If |accountList| is now empty, go to the [=mismatch dialog step=]. 1. For each |acc| in |accountsList|: 1. If |acc|["{{IdentityProviderAccount/picture}}"] is present, [=fetch the account picture=] with |acc| and |globalObject|. @@ -1053,6 +1059,10 @@ dictionary IdentityProviderBranding { USVString name; }; +dictionary IdentityProviderLabelConfig { + USVString include; +}; + dictionary IdentityProviderAPIConfig { required USVString accounts_endpoint; required USVString client_metadata_endpoint; @@ -1060,6 +1070,7 @@ dictionary IdentityProviderAPIConfig { required USVString login_url; USVString disconnect_endpoint; IdentityProviderBranding branding; + IdentityProviderLabelConfig accounts; }; @@ -1138,6 +1149,7 @@ dictionary IdentityProviderAccount { sequence approved_clients; sequence login_hints; sequence domain_hints; + sequence labels; }; dictionary IdentityProviderAccountList { sequence accounts; @@ -1813,6 +1825,9 @@ Every {{IdentityProviderAccount}} is expected to have members with the following :: A list of strings which correspond to all of the domain hints which match with this account. An [=RP=] can use the {{IdentityProviderRequestOptions/domainHint}} to request that only an account matching a given value or containing some domain hint is shown to the user. + : labels + :: A list of strings which give the accounts a list of labels. The config file can specify a filter + for a label string. For example: @@ -1828,7 +1843,7 @@ For example: "picture": "https://idp.example/profile/123", "approved_clients": ["123", "456", "789"], "login_hints": ["john_doe"], - "domain_hints": ["idp.example"], + "domain_hints": ["idp.example"] }, { "id": "5678", "given_name": "Johnny", @@ -1838,6 +1853,7 @@ For example: "approved_clients": ["abc", "def", "ghi"], "login_hints": ["email=johhny@idp.example", "id=5678"], "domain_hints": ["idp.example"], + "labels:" ["l1"] }] } ```