Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Specify the continuation API #662

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Specify the continuation API #662

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
01d8942
Specify the continuation API
cbiesinger Oct 2, 2024
2ceb1dd
swap order
cbiesinger Oct 7, 2024
39d9fe9
first
cbiesinger Oct 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 49 additions & 4 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1240,9 +1240,25 @@ To <dfn>fetch an identity assertion</dfn> given a {{USVString}}
1. [=converted to an IDL value|Convert=] |json| to an {{IdentityProviderToken}}, |token|.
1. If one of the previous two steps threw an exception, set |credential| to failure
and return.
1. If neither {{IdentityProviderToken/token}} nor {{IdentityProviderToken/continue_on}} was
specified, set |credential| to failure and return.
1. If {{IdentityProviderToken/token}} was specified, let |tokenString|
be |token|'s {{IdentityProviderToken/token}}.
1. Otherwise, if {{IdentityProviderToken/continue_on}} was specified:
1. Let |continueOnUrl| be the result of running [=parse url=] with |token|'s
{{IdentityProviderToken/continue_on}} and |globalObject|.
1. If |continueOnUrl| is failure, set |credential| to failure and return.
1. If |continueOnUrl| is not [=same origin=] with |tokenUrl|, set |credential|
to failure and return.
1. Let |tokenPair| be the result of [=show a continuation dialog=] with |continueOnUrl|.
1. If |tokenPair| is failure, set |credential| to failure and return.
1. Let |tokenString| be the first entry of |tokenPair|.
1. If the second entry of |tokenPair| is not null, set |accountId| to that second entry.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |accountId|, and
|globalObject|.
1. Let |credential| be a new {{IdentityCredential}} given |globalObject|'s
<a for="global object">realm</a>.
1. Set |credential|'s {{IdentityCredential/token}} to |token|.
1. Set |credential|'s {{IdentityCredential/token}} to |tokenString|.
1. Set |credential|'s {{IdentityCredential/isAutoSelected}} to
|isAutoSelected|.
1. Wait for |credential| to be set.
Expand All @@ -1251,7 +1267,8 @@ To <dfn>fetch an identity assertion</dfn> given a {{USVString}}

<xmp class="idl">
dictionary IdentityProviderToken {
required USVString token;
USVString token;
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you put some thought on how/whether we should think about forwards compatibility?

USVString continue_on;
};
</xmp>

Expand Down Expand Up @@ -1293,8 +1310,6 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. If the user does not grant permission, return false.
1. [=Create a connection between the RP and the IdP account=] with |provider|, |account|, and
|globalObject|.
1. Return true.
</div>

Expand Down Expand Up @@ -1458,6 +1473,31 @@ success or failure.
1. Otherwise, return failure.
</div>

<div algorithm>
To <dfn>show a continuation dialog</dfn> given a |continueOnUrl|, run the
following steps. This returns a failure or a tuple (string, string?) (a token
and an optional account ID).
1. Assert: these steps are running [=in parallel=].
1. [=Create a fresh top-level traversable=] with |continueOnUrl|.
1. The user agent MAY [=set up browsing context features=] or otherwise
affect the presentation of this traversable in an implementation-defined
way.
1. Wait for the first occurence of one of the following conditions:
* The user closes the browsing context: return failure.
* {{IdentityProvider}}.{{IdentityProvider/close}} is called in the
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this actually be a reject() if the completion mechanism is resolve() — borrowing naming from Promises?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah yeah, that sounds nicer to me too!

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That or something like abort(reason?: string) and finish(token: string, accountId?: string)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IdentityProvider.close already exists (added to support logging in), so we either need to make it do something or make a decision it should not do something in this context.

IdentityProvider.reject makes sense to me but I'd prefer waiting until we have the error API (#498) because that's what adds the error code and URL to the returned credential. We have no place to put the reason until then.

(for what it's worth, we also have no IDP feedback on an API like reject)

context of this new traversable:
1. Close the traversable.
1. Return failure.
* {{IdentityProvider}}.{{IdentityProvider/resolve()}} is called in
the context of this new traversable.
bvandersloot-mozilla marked this conversation as resolved.
Show resolved Hide resolved
1. Close the traversable.
1. Let |token| be the token that was passed to that resolve call.
1. If {{IdentityResolveOptions/accountId}} was specified in the
resolve call, let |accountId| be that account ID.
1. Otherwise, let |accountId| be null.
1. Return (|token|, |accountId|).

</div>
<!-- ============================================================ -->
## The IdentityProvider Interface ## {#browser-api-identity-provider-interface}
<!-- ============================================================ -->
Expand All @@ -1473,8 +1513,13 @@ This specification introduces the {{IdentityUserInfo}} dictionary as well as the
USVString picture;
};

dictionary IdentityResolveOptions {
USVString accountId;
};

[Exposed=Window, SecureContext] interface IdentityProvider {
static undefined close();
static undefined resolve(DOMString token, optional IdentityResolveOptions options = {});
bvandersloot-mozilla marked this conversation as resolved.
Show resolved Hide resolved
static Promise&lt;sequence&lt;IdentityUserInfo&gt;&gt; getUserInfo(IdentityProviderConfig config);
};
</pre>
Expand Down
Loading