Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Specify the fields API #668

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

Specify the fields API #668

Changes from 4 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
c8b28c8
Specify the fields API
cbiesinger Oct 28, 2024
5751d6c
Address comments from TallTed
cbiesinger Oct 29, 2024
01b3796
npm comments
cbiesinger Nov 7, 2024
c23d5d5
Merge remote-tracking branch 'origin' into fields
cbiesinger Nov 19, 2024
dec043b
TallTed oxford commas
cbiesinger Nov 19, 2024
c357604
Merge remote-tracking branch 'origin' into fields
cbiesinger Dec 4, 2024
b1c4998
allow UAs to not show the permission prompt
cbiesinger Dec 4, 2024
b5760fe
comments
cbiesinger Dec 5, 2024
cf5dc42
note
cbiesinger Dec 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 10 additions & 8 deletions spec/index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -899,14 +899,14 @@ the exception thrown.
1. Otherwise, if |mediation| is "{{CredentialMediationRequirement/silent}}", return (failure, true).
1. Otherwise, if |accountsList|'s size is 1:
1. Set |account| to |accountsList|[0].
1. If [=compute the connection status=] of |account|, |provider| and |globalObject| returns
1. If [=compute the connection status=] of |account|, |provider|, and |globalObject| returns
[=compute the connection status/connected=], show a dialog to request user permission to sign
in via |account|, and set the result in |permission|. The user agent MAY use |options|'s
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog.
1. Otherwise, let |permission| be the result of running [=request permission to sign-up=]
algorithm with |account|, |config|, |provider|, and |globalObject|. Also set
|permissionRequested| to true.
|permissionRequested| to true if the user agent [=supports showing a permission prompt=].
1. Otherwise:
1. Set |account| to the result of running the [=select an account=] from the
|accountsList|.
Expand All @@ -915,7 +915,7 @@ the exception thrown.
[=compute the connection status/connected=], set |permission| to true.
1. Otherwise, if |provider|.{{IdentityProviderRequestOptions/fields}} is [=list/empty=],
[=create a connection between the RP and the IdP account=] with |provider|, |account|,
and |globalObject| and set |permission| to |true|.
and |globalObject|, and set |permission| to |true|.

Note: The connection would normally be created in the [=request permission to sign-up=]
algorithm, but we do not want to show an extra dialog in this case.
Expand Down Expand Up @@ -1265,8 +1265,8 @@ To <dfn>fetch an identity assertion</dfn> given a {{USVString}}

Note: This parameter exists for backwards compatibility with older identity providers
that do not yet support `disclosure_shown_for`. At the time, the disclosure text,
if shown, always included name, email and picture. Newer identity providers should
check `disclosure_shown_for` instead.
if shown, always included name, email, and picture. Newer identity providers should
instead check `disclosure_shown_for`.
1. If |provider|'s {{IdentityProviderRequestOptions/params}} is not empty:
1. Let |json| be the result of [=serializing a JavaScript value to a JSON string=]
with |provider|'s {{IdentityProviderRequestOptions/params}}.
Expand Down Expand Up @@ -1378,7 +1378,8 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
metadata=] with |config|, |provider|, and |globalObject|.
1. Prompt the user to gather explicit intent to create an account. The user agent MAY use the
{{IdentityProviderBranding}} to inform the style choices of its UI. Additionally:
1. If |fields| is not [=list/empty=]:
1. The user agent SHOULD <dfn>support showing a permission prompt</dfn> as follows.
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
1. If |fields| is not [=list/empty=] and the user agent [=supports showing a permission prompt=]:
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
1. If |metadata| is not failure, |metadata|["{{IdentityProviderClientMetadata/privacy_policy_url}}"]
cbiesinger marked this conversation as resolved.
Show resolved Hide resolved
is defined, and the |provider|'s {{IdentityProviderConfig/clientId}} is not in the list of
|account|["{{IdentityProviderAccount/approved_clients}}"], then the user agent MUST display
Expand All @@ -1397,8 +1398,9 @@ an {{IdentityProviderAPIConfig}} |config|, an {{IdentityProviderRequestOptions}}
:: The user's profile picture as given in {{IdentityProviderAccount}}.{{IdentityProviderAccount/picture}}.

Any other string is ignored for forwards compatibility.
1. The user agent MAY use the {{IdentityCredentialRequestOptions/context}} to customize the
dialog shown.
1. The user agent MAY use the
{{IdentityCredentialRequestOptions/context}} and |options|'s
{{IdentityCredentialRequestOptions/mode}} to customize the dialog shown.
1. If the user does not grant permission, return false.
1. Return true.
</div>
Expand Down
Loading