Allow selecting an account without email addresses #639
Comments
|
The proposal that occurred to @solatsuta @cbiesinger and I in this thread was to:
Here is an example of a valid accounts endpoint response: {
"accounts": [{
"id": "1234",
"name": "John Doe",
// For example, if an IdP has id + email as uniq, has to match emails
"email": "[email protected]",
// For example, if an IdP has id + phone as uniq, has to be numeric
"phone_number": "(630) 023-3243",
// For example, if an IdP has id + name as uniq, can't contain spaces
"username": "john_doe_123456789",
// For example, if an IdP has id + nickname as uniq, can't contain spaces
"username": "Jack",
"picture": "https://idp.example/profile/123",
"approved_clients": ["123", "456", "789"],
"login_hints": ["john_doe"],
"domain_hints": ["idp.example"],
}]
}One open design question is whether to accept an alternative general purpose arbitrary string (e.g. This proposal is independent of, but complementary to, w3c-fedid/custom-requests#4, which controls not |
|
Just to report back to this thread: we discussed this in the last CG call and got no objections to this. @hlflanagan made a suggestion to make the alternative a "general purpose" display name, rather than something as specific as "phone number" or "username", which seemed reasonable in the CG call. more details in the notes. The next steps are to gather some implementation experience here and send a spec PR if that goes well. |
what about "display name"? |
Yep, I like |
|
I like "display name" because it makes it clear it's not meant to be a globally unique identifier. |
|
Somewhere, it will need to be made plain where this "display name" is used, and for what — so that the user doesn't set two "display names" to the same value, which makes it impossible to select "the right one", i.e., "the one associated with the right IdP". I will often choose my display name to be |
|
I don't know if it's spelled out in the spec, but at least the current implementation also displays the URL of the website the account is from, so using the same display name in two different IDPs isn't a problem to disambiguate. |
We display the URL of the website the account is from AND the IdP logo overlaid over the profile picture. See example below: 
|
|
I personally prefer the original proposal (in this issue) to |
|
my concern with |
|
Hmm yea. What is the semantics of the string you are thinking about? |
|
If I remember correctly, this string is only used to show to the user in the UI, and it's a separate |
|
This is partially correct. Currently, the field is email and it is used both to let the user know which account they are selecting as well as in the disclosure text. I guess the question is whether there is a reason to show a display string which cannot possibly be part of the disclosure text for some reason? |
I believe so: @solatsuta runs an IdP that I believe should be able to disambiguate accounts by a "gamer tag" (so, would want to use a |
|
I mean that seems to fit the |
|
I think the suggestion from @hlflanagan in the CG call and from @bc-pi and @aaronpk in this thread is to support @hlflanagan brought up a use case in libraries (do i get this right, @hlflanagan ?) where library card numbers are human readable but aren't necessarily guaranteed to be globally unique usernames (e.g. they can be globally unique within a library district but not in the system). Same goes for "gamer tags": they don't necessarily need to be globally unique, but they are still useful for account disambiguation. |
|
Using a 'display name' that could be repeated in multiple accounts of the same IDP would be a downside, not something I would want to encourage. Because then some users would have no way to know which account they are selecting. This is my problem with this string: sure it does allow arbitrary use cases, but it is vague enough that it encourages developers to put arbitrary data there, perhaps data that would often not be enough to disambiguate accounts. |
|
Just for reference of some existing art, WebAuthn credentials use the following structure: "user": {
"id": "Iur3CDuIU6INagDNqCSw5jbskmjNJXnmiQvBSDA5cpY",
"name": "[email protected]",
"displayName": "Tim Cappalli"
}
Just a note, I do have this as an item for the larger discussion at TPAC: w3c/tpac2024-breakouts#49 |
There are few related discussions here (privacysandbox/privacy-sandbox-dev-support#379 (comment), #317 , #227, #607 and w3c-fedid/custom-requests#4), but I'm going try to untangle and isolate something that I think is self contained (and will resolve parts of the issues listed above).
There is one problem across these many issues that, currently,
emailis a required field in theIdentityProviderAccountdictionary used in theaccounts_endpoint.emailis used in a couple of places (which is why we've been conflating problems) but one of them is that it is used in theselect accountalgorithm as a disambiguation parameter, for example: selecting one of two accounts under the samenamebut differentemailwork and personal addresses.We have heard repeatedly (example) that many IdPs don't necessarily have email addresses for their users, so they had to work around the fact that they are required, e.g. by passing an empty string or another form of username.
How should an IdP expose accounts in the accounts endpoint that don't have email addresses?
The text was updated successfully, but these errors were encountered: