Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify the mode API #660

Open
wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Specify the mode API #660

Changes from 13 commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
ebc24fc
Add mode for FedCM
tttzach Oct 2, 2024
4fd24da
Update index.bs
tttzach Oct 3, 2024
d34ecd0
Update index.bs
tttzach Oct 3, 2024
ce8f11e
Lint index.bs
tttzach Oct 3, 2024
2a28995
Update spec/index.bs
tttzach Oct 7, 2024
d8488b8
Update index.bs
tttzach Oct 8, 2024
1e0d0be
Update spec/index.bs
tttzach Oct 8, 2024
a477975
Update index.bs
tttzach Oct 15, 2024
c4c3d5b
Update index.bs
tttzach Oct 15, 2024
400ac7f
Update index.bs
tttzach Oct 18, 2024
cbaa2d2
Update index.bs
tttzach Oct 18, 2024
0247dd2
Update index.bs
tttzach Oct 23, 2024
71e585b
Update index.bs
tttzach Oct 23, 2024
4bf692f
Update index.bs
tttzach Oct 31, 2024
e58507b
Update index.bs
tttzach Oct 31, 2024
121f5f7
Update index.bs
tttzach Oct 31, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 42 additions & 23 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -623,8 +623,11 @@ This specification introduces an extension to the {{CredentialRequestOptions}} o
The {{IdentityCredentialRequestOptions}} contains a list of
{{IdentityProviderConfig}}s that the [=RP=] supports and has
pre-registered with (i.e. the [=IDP=] has given the [=RP=] a `clientId`).
The {{IdentityCredentialRequestOptions}} also contains a {{IdentityCredentialRequestOptionsContext}}
which the user agent can use to provide a more meaningful dialog to users.
The {{IdentityCredentialRequestOptions}} also contains an
{{IdentityCredentialRequestOptionsContext}}, which the user agent can use to
provide a more meaningful dialog to users, and an
{{IdentityCredentialRequestOptionsMode}}, which the user agent can use to
specify different behaviors or dialog types.

<xmp class=idl>
enum IdentityCredentialRequestOptionsContext {
Expand All @@ -634,9 +637,15 @@ enum IdentityCredentialRequestOptionsContext {
"continue"
};

enum IdentityCredentialRequestOptionsMode {
"active",
"passive"
};

dictionary IdentityCredentialRequestOptions {
required sequence<IdentityProviderRequestOptions> providers;
IdentityCredentialRequestOptionsContext context = "signin";
IdentityCredentialRequestOptionsMode mode = "passive";
};
</xmp>

Expand Down Expand Up @@ -774,27 +783,35 @@ To <dfn>create an IdentityCredential</dfn> given an {{IdentityProviderRequestOpt
or a pair (failure, bool), where the bool indicates whether to skip delaying
the exception thrown.
1. Assert: These steps are running [=in parallel=].
1. Let |mode| be |options|'s {{IdentityCredentialRequestOptions/mode}}.
1. Let |globalObject| be the [=current global object=].
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. Let |W| be |globalObject|'s [=associated Window=].
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. If |mode| is [=active=]:
1. If |W| does not have [=transient activation=], return (failure, true).
1. Otherwise, and if there is a pending request on |W|'s top-level browsing
tttzach marked this conversation as resolved.
Show resolved Hide resolved
context where |mode| is [=passive=], reject the previous request.
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. Let |loginStatus| be the result of [=get the login status=] with
tttzach marked this conversation as resolved.
Show resolved Hide resolved
the [=/origin=] of |provider|'s {{IdentityProviderConfig/configURL}}.
1. If |loginStatus| is [=unknown=], a user agent MAY set it to [=logged-out=].
1. If |loginStatus| is [=logged-out=], the user agent MUST do one of the following:

* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].

* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).

Issue: We should perhaps provide a way to let the [=RP=] request that
the second option is provided, possibly gated on a user gesture.
See [this issue](https://github.com/fedidcg/FedCM/issues/442) for discussion.
1. If |loginStatus| is [=logged-out=]:
1. If |mode| is [=active=]:
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).
1. Otherwise, the user agent MUST do one of the following:
* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].
* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |config| be the result of running [=fetch the config file=]
tttzach marked this conversation as resolved.
Show resolved Hide resolved
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).
1. Let |requiresUserMediation| be |provider|'s {{IdentityProviderConfig/configURL}}'s [=/origin=]'s
[=requires user mediation=].
1. Let |mediation| be |options|'s {{CredentialRequestOptions/mediation}}.
Expand Down Expand Up @@ -884,7 +901,8 @@ the exception thrown.
1. If [=compute the connection status=] of |account|, |provider| and |globalObject| returns
[=compute the connection status/connected=], show a dialog to request user permission to sign
in via |account|, and set the result in |permission|. The user agent MAY use |options|'s
{{IdentityCredentialRequestOptions/context}} to customize the dialog.
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog.
1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
algorithm with |account|, |config|, |provider|, and |globalObject|. Also set
|disclosureTextShown| to true.
Expand Down Expand Up @@ -1290,8 +1308,9 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
is defined, and the |provider|'s {{IdentityProviderConfig/clientId}} is not in the list of
|account|["{{IdentityProviderAccount/approved_clients}}"], then the user agent MUST display
the |metadata|["{{IdentityProviderClientMetadata/terms_of_service_url}}"] link.
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. The user agent MAY use the
tttzach marked this conversation as resolved.
Show resolved Hide resolved
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog shown.
1. If the user does not grant permission, return false.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and
|globalObject|.
Expand Down
Loading