Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify the mode API #660

Merged
merged 17 commits into from
Nov 18, 2024
65 changes: 42 additions & 23 deletions spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -623,8 +623,11 @@ This specification introduces an extension to the {{CredentialRequestOptions}} o
The {{IdentityCredentialRequestOptions}} contains a list of
{{IdentityProviderConfig}}s that the [=RP=] supports and has
pre-registered with (i.e. the [=IDP=] has given the [=RP=] a `clientId`).
The {{IdentityCredentialRequestOptions}} also contains a {{IdentityCredentialRequestOptionsContext}}
which the user agent can use to provide a more meaningful dialog to users.
The {{IdentityCredentialRequestOptions}} also contains an
{{IdentityCredentialRequestOptionsContext}}, which the user agent can use to
provide a more meaningful dialog to users, and an
{{IdentityCredentialRequestOptionsMode}}, which the user agent can use to
specify different behaviors or dialog types.

<xmp class=idl>
enum IdentityCredentialRequestOptionsContext {
Expand All @@ -634,9 +637,15 @@ enum IdentityCredentialRequestOptionsContext {
"continue"
};

enum IdentityCredentialRequestOptionsMode {
"active",
"passive"
};

dictionary IdentityCredentialRequestOptions {
required sequence<IdentityProviderRequestOptions> providers;
IdentityCredentialRequestOptionsContext context = "signin";
IdentityCredentialRequestOptionsMode mode = "passive";
};
</xmp>

Expand Down Expand Up @@ -774,27 +783,35 @@ To <dfn>create an IdentityCredential</dfn> given an {{IdentityProviderRequestOpt
or a pair (failure, bool), where the bool indicates whether to skip delaying
the exception thrown.
1. Assert: These steps are running [=in parallel=].
1. Let |mode| be |options|'s {{IdentityCredentialRequestOptions/mode}}.
1. Let |globalObject| be the [=current global object=].
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. Let |W| be |globalObject|'s [=associated Window=].
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. If |mode| is [=active=]:
1. If |W| does not have [=transient activation=], return (failure, true).
1. Otherwise, and if there is a pending request on |W|'s top-level browsing
tttzach marked this conversation as resolved.
Show resolved Hide resolved
context where |mode| is [=passive=], reject the previous request.
tttzach marked this conversation as resolved.
Show resolved Hide resolved
1. Let |loginStatus| be the result of [=get the login status=] with
tttzach marked this conversation as resolved.
Show resolved Hide resolved
the [=/origin=] of |provider|'s {{IdentityProviderConfig/configURL}}.
1. If |loginStatus| is [=unknown=], a user agent MAY set it to [=logged-out=].
1. If |loginStatus| is [=logged-out=], the user agent MUST do one of the following:

* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].

* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).

Issue: We should perhaps provide a way to let the [=RP=] request that
the second option is provided, possibly gated on a user gesture.
See [this issue](https://github.com/fedidcg/FedCM/issues/442) for discussion.
1. If |loginStatus| is [=logged-out=]:
1. If |mode| is [=active=]:
1. Let |config| be the result of running [=fetch the config file=]
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).
1. Otherwise, the user agent MUST do one of the following:
* Return (failure, false).
* Prompt the user whether to continue. If the user continues, the user
agent SHOULD set |loginStatus| to [=unknown=]. This MAY include an
affordance to [=show an IDP login dialog=].
* If the user cancels this dialog, return (failure, true).
* If the user triggers this affordance:
1. Let |config| be the result of running [=fetch the config file=]
tttzach marked this conversation as resolved.
Show resolved Hide resolved
with |provider| and |globalObject|.
1. If |config| is failure, return (failure, true).
1. [=Show an IDP login dialog=] with |config| and |provider|.
1. If that algorithm returns failure, return (failure, true).
1. Let |requiresUserMediation| be |provider|'s {{IdentityProviderConfig/configURL}}'s [=/origin=]'s
[=requires user mediation=].
1. Let |mediation| be |options|'s {{CredentialRequestOptions/mediation}}.
Expand Down Expand Up @@ -884,7 +901,8 @@ the exception thrown.
1. If [=compute the connection status=] of |account|, |provider| and |globalObject| returns
[=compute the connection status/connected=], show a dialog to request user permission to sign
in via |account|, and set the result in |permission|. The user agent MAY use |options|'s
{{IdentityCredentialRequestOptions/context}} to customize the dialog.
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog.
1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
algorithm with |account|, |config|, |provider|, and |globalObject|. Also set
|disclosureTextShown| to true.
Expand Down Expand Up @@ -1290,8 +1308,9 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
is defined, and the |provider|'s {{IdentityProviderConfig/clientId}} is not in the list of
|account|["{{IdentityProviderAccount/approved_clients}}"], then the user agent MUST display
the |metadata|["{{IdentityProviderClientMetadata/terms_of_service_url}}"] link.
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. The user agent MAY use the
tttzach marked this conversation as resolved.
Show resolved Hide resolved
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog shown.
1. If the user does not grant permission, return false.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and
|globalObject|.
Expand Down
Loading